Date: Sun, 16 Feb 2003 21:57:41 -0800
From: David Schultz
To: Kris Kennaway
Cc: "Andrey A. Chernov", current@FreeBSD.ORG
Subject: Re: cvs commit: src/lib/libc/stdlib rand.c
Message-ID: <20030217055741.GA6011@HAL9000.homeunix.com>
In-Reply-To: <20030217045729.GA68471@rot13.obsecurity.org>

Thus spake Kris Kennaway:
> I think we should commit this patch (to -current) and fix all the
> problems that pop up.  For example, it's used in awk (which started
> this set of changes), and in some of the XFree86 libraries.
...
> +__warn_references(rand_r,
> + "warning: rand_r() does not produce high-quality random numbers and should not generally be used");

Many programmers who use rand() are aware that it isn't very good,
but don't care for their particular application.  For instance,
for games or for randomized backoff in network protocols, you
might just want a sequence of numbers that looks kinda random, and
you don't care that there happens to be a pattern in the
lowest-order bits that you see only if you look carefully.  rand()
isn't like gets() because it's nearly impossible to write a robust
program using gets().  It might make sense to put in the warning
just to check whether someone used rand() when they really wanted
cryptographic-quality randomness, but people would probably get
annoyed if the next release of FreeBSD nagged them about every use
of rand().
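
Review bot: The warning string attached to rand_r says the function "should not generally be used" but does not say which uses are unsafe or what to call instead, so someone who sees it at link time cannot tell whether their code is affected. Suggest wording it around the actual risk (the output is predictable and unsuitable for security-sensitive values) and naming a replacement in the text, for example arc4random(3). The string literal line is also far longer than the surrounding code and could be split into adjacent literals.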
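
The low-order-bit pattern mentioned in the reply above, as an added example that is not part of the original message or of FreeBSD's source. It assumes a linear congruential generator with the multiplier and increment of the C standard's sample rand(), returning the low 31 bits of the state; `lcg_next` and `visible_period` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define SAMPLES 1024u

/* Assumed generator (not FreeBSD's source): LCG with the constants of the
 * C standard's sample rand(), returning the low 31 bits of the state. */
static uint32_t lcg_state = 1;

static void lcg_seed(uint32_t seed) { lcg_state = seed; }

static uint32_t lcg_next(void)
{
    lcg_state = lcg_state * 1103515245u + 12345u; /* wraps mod 2^32 */
    return lcg_state & 0x7fffffffu;
}

/* Take SAMPLES outputs, keep `bits` bits starting at bit `shift`, and return
 * the smallest period p <= SAMPLES/2 that the whole window obeys (0 if none). */
static unsigned visible_period(uint32_t seed, unsigned shift, unsigned bits)
{
    uint32_t out[SAMPLES], mask = (1u << bits) - 1u;
    unsigned i, p;

    lcg_seed(seed);
    for (i = 0; i < SAMPLES; i++)
        out[i] = (lcg_next() >> shift) & mask;
    for (p = 1; p <= SAMPLES / 2; p++) {
        for (i = 0; i + p < SAMPLES; i++)
            if (out[i] != out[i + p])
                break;
        if (i + p == SAMPLES)
            return p;
    }
    return 0;
}

int main(void)
{
    /* Constructed seeds; the low k bits cycle with period 2^k for any seed. */
    printf("rand()%%2   period: %u\n", visible_period(1, 0, 1));
    printf("rand()%%16  period: %u\n", visible_period(12345, 0, 4));
    printf("rand()%%256 period: %u\n", visible_period(42, 0, 8));
    /* For comparison: 8 bits taken from bit 16 upward of the same stream. */
    printf("bits 16-23 period: %u\n", visible_period(42, 16, 8));
    return 0;
}
```

A value computed as `rand() % n` with small power-of-two `n` from a generator of this family repeats on a fixed short cycle, which is the case where a cryptographic-quality source is needed instead.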