From owner-cvs-all  Sun Feb 25  3: 2:41 2001
Delivered-To: cvs-all@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-199.dsl.lsan03.pacbell.net [63.207.60.199])
	by hub.freebsd.org (Postfix) with ESMTP
	id 22DE537B491; Sun, 25 Feb 2001 03:02:27 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id C6BC766F83; Sun, 25 Feb 2001 03:02:26 -0800 (PST)
Date: Sun, 25 Feb 2001 03:02:26 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: ports/astro/xglobe/files patch-random
Message-ID: <20010225030226.A31350@mollari.cthul.hu>
References: <Pine.BSF.4.21.0102251920150.6561-100000@besplex.bde.org> <200102250900.f1P90Qc12868@earth.backplane.com> <20010225012246.A30454@mollari.cthul.hu> <200102250933.f1P9X7a13051@earth.backplane.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="M9NhX3UHpAaciwkO"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102250933.f1P9X7a13051@earth.backplane.com>; from dillon@earth.backplane.com on Sun, Feb 25, 2001 at 01:33:07AM -0800
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--M9NhX3UHpAaciwkO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Feb 25, 2001 at 01:33:07AM -0800, Matt Dillon wrote:
> :
> :Matt, please read the subject line of the thread you're replying to,
> :and the commit which started it.  rand() just isn't very good as it
> :stands, from other standpoints that security.  Please also read my
> :reply to -arch before responding further.
> :
> :Kris
>=20
>     I went back and read it.  It hasn't changed anything.  The manual
>     page for rand() is very specific on the API.  If you don't like
>     the sequence returned you could simply fix rand() in libc to use
>     srandom() without breaking the spec.  But putting a #warning in

Gah, didn't I also tell you to go and read my reply on -arch? *sigh*

>     I said, there is a huge class of problems for which a fixed pseudo
>     random sequence is perfectly acceptable.

And you're still missing the point that some non-cryptographic
applications of rand() as it stands are invalid, because of the reason
noted in the commit message.  However, I'll ask you a third time to
read my followup on -arch.

Kris

--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6mOZCWry0BWjoQKURAjJqAJ9xU87YxQBrXAqOyjicmDHduQACRwCfcLZN
O38eoTbXIirImhgy8HIzSu8=
=Epvh
-----END PGP SIGNATURE-----

--M9NhX3UHpAaciwkO--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message