From owner-cvs-all Sun Feb 25 1:33:12 2001 Delivered-To: cvs-all@freebsd.org Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67]) by hub.freebsd.org (Postfix) with ESMTP id D6F4C37B401; Sun, 25 Feb 2001 01:33:08 -0800 (PST) (envelope-from dillon@earth.backplane.com) Received: (from dillon@localhost) by earth.backplane.com (8.11.2/8.9.3) id f1P9X7a13051; Sun, 25 Feb 2001 01:33:07 -0800 (PST) (envelope-from dillon) Date: Sun, 25 Feb 2001 01:33:07 -0800 (PST) From: Matt Dillon Message-Id: <200102250933.f1P9X7a13051@earth.backplane.com> To: Kris Kennaway Cc: Bruce Evans , Robert Watson , Nick Sayer , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: ports/astro/xglobe/files patch-random References: <200102250900.f1P90Qc12868@earth.backplane.com> <20010225012246.A30454@mollari.cthul.hu> Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG : :Matt, please read the subject line of the thread you're replying to, :and the commit which started it. rand() just isn't very good as it :stands, from other standpoints that security. Please also read my :reply to -arch before responding further. : :Kris I went back and read it. It hasn't changed anything. The manual page for rand() is very specific on the API. If you don't like the sequence returned you could simply fix rand() in libc to use srandom() without breaking the spec. But putting a #warning in is not appropriate. There is nothing fundamentally wrong with the API - in fact, it's almost exactly the same API that srandom() uses except srandom() provides for a larger range of options in regards to seeding. Adding a #warning is adding a hack rather then adding a fix. You may not like the fact that rand() can never be cryptographically secure, but that doesn't illegitimize rand(). As I said, there is a huge class of problems for which a fixed pseudo random sequence is perfectly acceptable. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message