Date: Tue, 24 Feb 2015 13:20:42 -0700
From: Warner Losh <imp@bsdimp.com>
To: John-Mark Gurney <jmg@funkthat.com>
Cc: Konstantin Belousov <kostikbel@gmail.com>, Harrison Grundy <harrison.grundy@astrodoggroup.com>, freebsd-arch@freebsd.org
Subject: Re: locks and kernel randomness...
Message-ID: <A66D4D0D-CF5A-4A66-B2AD-9789306DB63E@bsdimp.com>
In-Reply-To: <20150224200643.GN46794@funkthat.com>
References: <20150224012026.GY46794@funkthat.com> <20150224015721.GT74514@kib.kiev.ua> <54EBDC1C.3060007@astrodoggroup.com> <20150224024250.GV74514@kib.kiev.ua> <DD06E2EA-68D6-43D7-AA17-FB230750E55A@bsdimp.com> <20150224174053.GG46794@funkthat.com> <1E4A5E62-6E06-48BA-B5C5-9BD05811CDEF@bsdimp.com> <20150224183051.GJ46794@funkthat.com> <8157A5FC-C402-4C77-8535-AAF73BB64E8E@bsdimp.com> <20150224200643.GN46794@funkthat.com>
> On Feb 24, 2015, at 1:06 PM, John-Mark Gurney <jmg@funkthat.com> wrote:
>
>> Historically, a CSPRNG is spelled rand() or random(). So by calling those functions,
>> they are saying they want that. Some callers need more, others do not.
>
> Citation please? In my copy of the C99 specification, the rand function
> says nothing about being cryptographically secure.. and the srand function
> specifically states that after calling srand, rand will be seeded w/
> an unsigned int, or 32bits, so by definition not CSPRNG..
>
> Also, Single UNIX Specification:
> http://pubs.opengroup.org/onlinepubs/007908799/xsh/rand.html
>
> has the same definition.
>
> As for random() from our own man page:
> The random() function uses a non-linear additive feedback random number
> generator employing a default table of size 31 long integers to return
> successive pseudo-random numbers in the range from 0 to (2**31)-1. The
>
> oh, and immediately before that, it says:
> The functions described in this manual page are not cryptographically
> secure. Cryptographic applications should use arc4random(3) instead.
>
> So, I really would like to know where you get the idea the rand() and
> random() are CSPRNG.. Though I'm fine w/ making them so..

Historically algorithmic PRNG is spelled random(). My brain thought that and typed CSPRNG.

Warner