From owner-cvs-all  Sun Feb 25  1:22:55 2001
Delivered-To: cvs-all@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-199.dsl.lsan03.pacbell.net [63.207.60.199])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3771137B491; Sun, 25 Feb 2001 01:22:47 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id A498066F83; Sun, 25 Feb 2001 01:22:46 -0800 (PST)
Date: Sun, 25 Feb 2001 01:22:46 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Bruce Evans <bde@zeta.org.au>,
	Kris Kennaway <kris@obsecurity.org>,
	Robert Watson <rwatson@FreeBSD.ORG>, Nick Sayer <nsayer@FreeBSD.ORG>,
	cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: ports/astro/xglobe/files patch-random
Message-ID: <20010225012246.A30454@mollari.cthul.hu>
References: <Pine.BSF.4.21.0102251920150.6561-100000@besplex.bde.org> <200102250900.f1P90Qc12868@earth.backplane.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102250900.f1P90Qc12868@earth.backplane.com>; from dillon@earth.backplane.com on Sun, Feb 25, 2001 at 01:00:26AM -0800
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--wRRV7LY7NUeQGEoC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 25, 2001 at 01:00:26AM -0800, Matt Dillon wrote:
> :
> :The C standard just gives an example of a portable implementation without
> :saying that it is a bad example.
> :
> :On second thoughts, the standard rand() is somewhat broken as designed.
> :"unsigned int" seed limits it to UINT_MAX sequences, and there is no
> :way to ask for irreproducible randomness.
> :
> :Bruce
>=20
>     Yes, but on the otherhand there are a huge class of applications
>     that don't need irreproducible randomness.  For example, games,
>     many classes of math problems, EE and other simulations... quite a few
>     things do just fine with a standard pseudo-random sequence.  It's only
>     security and cryptography where rand() really breaks down.   These are
>     certainly important application classes, but they are by no means the
>     *only* application class to consider.   I see no reason to marginalize
>     'everything else' with a warning.  I'm not that paranoid.

Matt, please read the subject line of the thread you're replying to,
and the commit which started it.  rand() just isn't very good as it
stands, from other standpoints that security.  Please also read my
reply to -arch before responding further.

Kris

--wRRV7LY7NUeQGEoC
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6mM7mWry0BWjoQKURApk3AJ9wrCNryThBxtwMCrrc/IP4ZB0lNQCcDD32
4euBhLkO4A65zl+n9hiCWUM=
=9sef
-----END PGP SIGNATURE-----

--wRRV7LY7NUeQGEoC--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message