From owner-freebsd-current Sun Feb 2 16:41:13 2003 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 48F8937B401 for ; Sun, 2 Feb 2003 16:41:12 -0800 (PST) Received: from calis.blacksun.org (calis.blacksun.org [216.254.108.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8EE2C43F3F for ; Sun, 2 Feb 2003 16:41:11 -0800 (PST) (envelope-from don@calis.blacksun.org) Received: by calis.blacksun.org (Postfix, from userid 1001) id 69B1217025; Sun, 2 Feb 2003 19:41:45 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by calis.blacksun.org (Postfix) with ESMTP id 6660317021 for ; Sun, 2 Feb 2003 19:41:45 -0500 (EST) Date: Sun, 2 Feb 2003 19:41:45 -0500 (EST) From: Don To: current@FreeBSD.ORG Subject: Re: rand() is broken In-Reply-To: <200302030026.33781.ejb@lythe.org.uk> Message-ID: <20030202193215.E2519@calis.blacksun.org> References: <200302021848.NAA19508@agamemnon.cnchost.com> <200302030007.01718.ejb@lythe.org.uk> <20030202190827.K2458@calis.blacksun.org> <200302030026.33781.ejb@lythe.org.uk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > It isn't a question of the API. It's a question of expected function > > output. > > Then it's applicable not only to binary packages as Terry states, but any > source that uses rand(). I think Terry mentioned binary packages simply because it is harder to fix them than something available as source but I could be mistaken. > I would say that depending on the internal algorithm used by rand() (or > random()) is a bad idea; however, I don't know what the relevant standards > say about this, so I won't say any further. > > (Why is it a bad idea? Because I'm not going to write software which makes > this assumption; I'm sure that even if at some point in time all systems use > an identical algorithm, at some point my software will have to run on a > system which uses something different. So if I really need it, I will take > rand() from libc and place it in my own code.) If only all developers were as good as you we would not have a problem. > > A seperate function for those who need cryptographic randomness seems like > > a _much_ better idea. > > I'm not sure Yet Another RNG API (of course arc4random() already exists) gains > anything unless rand()/random() absolutely cannot be changed; and as I say > I'm not convinced this is the case. I am by no means convinced either. I do, however, think this is something that should not be changed without a lot of consideration and testing. Your point about arc4random() is a good one. Why depend on rand() for cryptographic randomness when we already have arc4random()? > Doesn't even the 0 / RAND_MAX fix change > the algorithm? Software which relies on that behaviour will break .. Any software which always needs to get back maxint when it calls rand() is hopelessly broken :) Besides which, I don't recall advocating that change either. -Don To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message