From: Mark Murray
To: "Andrey A. Chernov"
Cc: current@FreeBSD.ORG
Subject: Re: rand() is broken
Date: Sun, 02 Feb 2003 23:02:03 +0000
Message-Id: <200302022302.h12N23aX053186@grimreaper.grondar.org>
In-Reply-To: Your message of "Mon, 03 Feb 2003 01:48:57 +0300." <20030202224857.GA69078@nagual.pp.ru>

"Andrey A. Chernov" writes:
> On Sun, Feb 02, 2003 at 22:35:54 +0000, Mark Murray wrote:
> >
> > I stand (somewhat) corrected. The random() code is _nasty_ complexity-wise.
> > It's not obvious how it works.
> >
> > RC4 is 10-20 lines and clean with no magic numbers.
>
> That's why randomness tests + a mathematician to interpret their results
> are needed to compare what we have now in random(3) with RC4. Easy and
> understandable code does not always mean better results. We can't switch
> algorithms blindly, i.e. when their comparative quality remains unknown.

Actually, RC4 is well understood (and trusted). LCRNGs are considered
less good in comparison with cryptographic techniques. There is too much
to go wrong in them (as you have just discovered!) :-)

M
--
Mark Murray
iumop ap!sdn w,I idlaH
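The comparison the two of them are arguing about, as an added illustration written for this archive page (it is not code from the thread, from either author, or from FreeBSD's libc): a roughly 20-line RC4 generator beside a constructed textbook LCRNG with a power-of-two modulus, both run through the simplest possible randomness test, the period of the output's low bit. The LCRNG constants, the seed value and the RC4 key are assumptions chosen for the example, not the values random(3) uses.

```c
#include <stddef.h>
#include <stdint.h>

/* RC4 state: a 256-byte permutation plus the two indices i and j. */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_t;
/* Key scheduling: permute S under the seed bytes. */
static void rc4_init(rc4_t *r, const uint8_t *key, size_t klen) {
    for (int k = 0; k < 256; k++) r->S[k] = (uint8_t)k;
    for (int k = 0, j = 0; k < 256; k++) {
        j = (j + r->S[k] + key[k % klen]) & 0xff;
        uint8_t t = r->S[k]; r->S[k] = r->S[j]; r->S[j] = t;
    }
    r->i = r->j = 0;
}
/* Keystream generation: one output byte per call. */
static uint8_t rc4_byte(rc4_t *r) {
    r->i = (uint8_t)(r->i + 1);
    r->j = (uint8_t)(r->j + r->S[r->i]);
    uint8_t t = r->S[r->i]; r->S[r->i] = r->S[r->j]; r->S[r->j] = t;
    return r->S[(uint8_t)(r->S[r->i] + r->S[r->j])];
}

/* Constructed textbook LCRNG, x = a*x + c mod 2^32, low byte out; the
 * constants are illustrative, NOT those of FreeBSD's random(3). */
static uint32_t lcg_state;
static uint8_t lcg_byte(void) {
    lcg_state = lcg_state * 1103515245u + 12345u;
    return (uint8_t)lcg_state;
}
/* Minimal randomness test: smallest period p in 1..maxp of the low bit
 * over n samples, or 0 if the low bit has no such short period. */
static int lsb_period(const uint8_t *buf, size_t n, int maxp) {
    for (int p = 1; p <= maxp; p++) {
        size_t k = 0;
        while (k + p < n && (buf[k] & 1) == (buf[k + p] & 1)) k++;
        if (k + p >= n) return p;
    }
    return 0;
}
int lcg_lsb_period(void) {        /* 2: the LCRNG's low bit just alternates */
    uint8_t buf[256];
    lcg_state = 12345;            /* constructed seed */
    for (size_t k = 0; k < sizeof buf; k++) buf[k] = lcg_byte();
    return lsb_period(buf, sizeof buf, 32);
}
int rc4_lsb_period(void) {        /* 0: RC4's low bit shows no short period */
    uint8_t buf[256]; rc4_t r;
    rc4_init(&r, (const uint8_t *)"constructed-seed", 16);
    for (size_t k = 0; k < sizeof buf; k++) buf[k] = rc4_byte(&r);
    return lsb_period(buf, sizeof buf, 32);
}
```

With an odd multiplier and odd increment modulo 2^32 the low bit of such an LCRNG flips on every call, which is the kind of defect a test catches and a reading of the code does not.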