From owner-cvs-games Wed Sep 24 00:02:07 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id AAA08970 for cvs-games-outgoing; Wed, 24 Sep 1997 00:02:07 -0700 (PDT) Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id AAA08886; Wed, 24 Sep 1997 00:01:30 -0700 (PDT) Received: from greenpeace.grondar.za (1DLctJWnjezsov4jkZQHGP8kBwdNPmmW@greenpeace.grondar.za [196.7.18.132]) by gratis.grondar.za (8.8.7/8.8.7) with ESMTP id JAA04031; Wed, 24 Sep 1997 09:01:45 +0200 (SAT) Received: from greenpeace.grondar.za (6SFkmB+87xlnip+Dh4l9Xu8DGvcZCMcP@localhost [127.0.0.1]) by greenpeace.grondar.za (8.8.7/8.8.7) with ESMTP id JAA01227; Wed, 24 Sep 1997 09:02:32 +0200 (SAT) Message-Id: <199709240702.JAA01227@greenpeace.grondar.za> X-Mailer: exmh version 2.0zeta 7/24/97 To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= cc: Mark Murray , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-games@FreeBSD.ORG Subject: Re: cvs commit: src/games/arithmetic arithmetic.c Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 24 Sep 1997 09:02:31 +0200 From: Mark Murray Sender: owner-cvs-games@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= wrote: > 1) srandomdev() is designed to replace all srandom(time()) or > similar occurances. Games should not be using this. if the randomness from srandom(time()) is not good enough, then we need to think of other algorithms, like md5. > 2) cryptographics generator will be only better (less predictable) if > rolled more Not true. This is true randomness, not a linear congruential driver. /dev/random gets _actual_ randoness from its environment, and this may be a sparse resourse. What you should be doing rather is (say) MD5'ing the output of `ps -ax`. > 3) There is no resource waste here since /dev/urandom readed only > once per program. ...and some programs may be used heavily by users, thus depleting the stash of randomness. I have seen bored users sit for hours, running fortune(6). One srandomdev() call per on a machine with little environmental noise, and that machine's pool-of-entropy is history. I would prefer to see this use of randomness set as an option, not the default, if at all. The whole purpose of adding in /dev/random was for security use. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org