From: Bakul Shah
To: Mark Murray
Cc: "Jeroen C. van Gelderen", phk@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: rand() is broken
Date: Sun, 02 Feb 2003 11:55:25 -0800
Message-ID: <200302021955.OAA20742@glatton.cnchost.com>
In-reply-to: Your message of "Sun, 02 Feb 2003 19:08:47 GMT." <200302021908.h12J8laX050048@grimreaper.grondar.org>

> RC4 is _utterly_ repeatable, given a particular seed/key.

Maybe, but it is not the same as the current random(). Also, I know you will want to change it the next time someone points out a problem with RC4.

> Yes. And it breaks, and we have a complainant.

So create a new function! Or use a different function to generate or initialize the seed.

I think one has to treat a behavior bug very carefully. If enough people are depending on it, it pretty much has to get enshrined as part of the spec -- sort of like the timeout arg to select().

> The random() function in libc is documented to give the same
> pseudo-random output for a particular seed. If you link your
> program against a _different_ libc, you cannot expect your
> results to follow a particular number sequence.

There is an expectation that on subsequent releases of the same OS things continue to work. Historically rand() and random() under unix have been used the most for simulation. [aside: Earl T. Cohen (the author of random(3)) also has had a lot to do in this area]

Why not totally separate all uses of crypto-related random number generators from the traditional simulation use? That way you can change crypto_random to your heart's content as the crypto needs change (as they will).

-- bakul
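A worked illustration of the split argued for in this message, added here as an example and not code from the thread or from FreeBSD's libc: the simulation side uses a pinned Park-Miller "minimal standard" generator (a constructed stand-in, not random(3)'s algorithm) with a golden-value regression check that catches any change to the sequence, while the crypto side draws from the kernel's /dev/urandom with no seed and no reproducibility promise, so either can evolve without breaking the other.

```c
#include <stdint.h>
#include <stdio.h>

/* --- Simulation side: reproducibility is the contract. ---
 * Park-Miller "minimal standard" LCG: x <- x * 16807 mod (2^31 - 1).
 * The algorithm lives in the program, so a libc change cannot silently
 * alter a simulation run the way a changed random(3) would. */
#define SIM_MODULUS 2147483647ULL   /* 2^31 - 1, prime */
#define SIM_MULT    16807ULL

typedef struct { uint32_t x; } sim_rng;

/* Seed must be in [1, 2^31 - 2]; 0 would pin the generator at 0 forever. */
static int sim_seed(sim_rng *r, uint32_t seed) {
    if (seed == 0 || seed >= SIM_MODULUS) return -1;
    r->x = seed;
    return 0;
}

static uint32_t sim_next(sim_rng *r) {
    r->x = (uint32_t)(((uint64_t)r->x * SIM_MULT) % SIM_MODULUS);
    return r->x;
}

/* n-th output (1-based) for a seed; returns 0 on a bad seed. */
static uint32_t sim_nth(uint32_t seed, int n) {
    sim_rng r;
    uint32_t v = 0;
    if (sim_seed(&r, seed) != 0) return 0;
    for (int i = 0; i < n; i++) v = sim_next(&r);
    return v;
}

/* Golden-value check: Park and Miller state that from seed 1 the 10000th
 * output is 1043618065. Run this in a test suite so a changed generator
 * is caught at build time rather than in someone's published results. */
static int sim_matches_golden(void) {
    return sim_nth(1, 10000) == 1043618065u;
}

/* --- Crypto side: unpredictability is the contract. ---
 * Bytes come from the kernel CSPRNG; there is no seed to reproduce, so the
 * implementation behind it may change freely without touching simulations. */
static int crypto_random_bytes(unsigned char *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}
```

Running `sim_matches_golden()` in a regression suite is the check a simulation user would want before trusting a new release; `crypto_random_bytes()` is what the key-generation code should call instead of a seeded generator.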