From owner-freebsd-current Sun Feb 2 16:43:12 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1AB0E37B401 for ; Sun, 2 Feb 2003 16:43:11 -0800 (PST)
Received: from stork.mail.pas.earthlink.net (stork.mail.pas.earthlink.net [207.217.120.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id B374743F43 for ; Sun, 2 Feb 2003 16:43:10 -0800 (PST) (envelope-from tlambert2@mindspring.com)
Received: from pool0402.cvx21-bradley.dialup.earthlink.net ([209.179.193.147] helo=mindspring.com) by stork.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 18fUhW-0000XE-00; Sun, 02 Feb 2003 16:43:06 -0800
Message-ID: <3E3DBAC3.14E4ED81@mindspring.com>
Date: Sun, 02 Feb 2003 16:41:39 -0800
From: Terry Lambert
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Mark Murray
Cc: "Andrey A. Chernov" , current@FreeBSD.ORG
Subject: Re: rand() is broken
References: <200302022302.h12N23aX053186@grimreaper.grondar.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a474d2a290bd18d30e306b644a80c5466e350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Mark Murray wrote:
> > That's why randomness tests + mathematician to interpret their results
> > are needed to compare what we have now in random(3) with RC4. Easy and
> > understandable code does not always mean better results. We can't switch
> > algorithms blindly, i.e. when their comparative quality remains unknown.
>
> Actually, RC4 is well understood (and trusted). LCRNG's are considered
> less good in comparison with cryptographic techniques. There is too much
> to go wrong in them (as you have just discovered!)

:-)

Donald Knuth seemed to like them well enough to publish the algorithm,
as part of his discussion on randomness. He *didn't* publish RC4, in
that same discussion.

Cryptographic uses are a small percentage of the real-world use for
PRNG's. If you are worried about cryptographic strength, then you
shouldn't be using a libc function.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
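The thread above turns on two claims: that LCRNGs have "too much to go wrong in them", and that randomness tests only help if someone interprets their results. The C program below is an added illustration and is not code from FreeBSD's libc, from random(3), or from any poster in this thread. It implements two textbook LCRNG shapes as hypothetical stand-alone functions (the Park-Miller "minimal standard" multiplicative generator mod 2^31-1, and an additive generator mod 2^32 with the Numerical Recipes constants; the seed values are constructed), then runs a byte-frequency chi-square and a runs test over their output. The point it demonstrates is the interpretation problem: the mod-2^32 generator's low byte passes the frequency test perfectly, because its low bits cycle through every value in lockstep, while a runs test on the lowest bit exposes that the bit simply alternates and is fully predictable. That is the kind of structural weakness a libc rand() may carry and why a cryptographic use should not rely on one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Park-Miller "minimal standard" multiplicative LCG:
 * x' = 16807 * x mod (2^31 - 1). For a non-zero seed below the modulus the
 * state never becomes 0. Hypothetical stand-alone code, not FreeBSD's rand(). */
static uint32_t pm_next(uint32_t x)
{
    return (uint32_t)(((uint64_t)16807u * x) % 2147483647u);
}

/* Power-of-two-modulus LCG, x' = a*x + c mod 2^32, with the Numerical Recipes
 * constants. Also hypothetical: the textbook shape, not any libc's code. */
static uint32_t lcg32_next(uint32_t x)
{
    return 1664525u * x + 1013904223u;
}

/* Period of the low k bits (k <= 20 keeps this fast) of lcg32_next. In a
 * mod-2^32 LCG the low k bits form their own LCG mod 2^k, so the masked state
 * first returns to its starting value exactly one period later. */
static unsigned long lcg32_low_bits_period(uint32_t seed, unsigned k)
{
    uint32_t mask = (1u << k) - 1u;
    uint32_t x = lcg32_next(seed);
    uint32_t start = x & mask;
    unsigned long steps = 1;

    for (x = lcg32_next(x); (x & mask) != start; x = lcg32_next(x))
        steps++;
    return steps;
}

/* Chi-square statistic of the byte histogram of buf against a uniform
 * expectation (255 degrees of freedom). A random source gives a value near
 * 255; 0 means every byte value occurred exactly equally often. */
static double chi_square_bytes(const uint8_t *buf, size_t n)
{
    unsigned long count[256] = {0};
    double expected = (double)n / 256.0;
    double stat = 0.0;

    for (size_t i = 0; i < n; i++)
        count[buf[i]]++;
    for (int b = 0; b < 256; b++) {
        double d = (double)count[b] - expected;
        stat += d * d / expected;
    }
    return stat;
}

/* Frequency test of the low byte of n successive lcg32 outputs. */
#define SAMPLE_MAX 16384
static double lcg32_low_byte_chi_square(uint32_t seed, size_t n)
{
    static uint8_t buf[SAMPLE_MAX];
    uint32_t x = seed;

    if (n > SAMPLE_MAX)
        n = SAMPLE_MAX;
    for (size_t i = 0; i < n; i++) {
        x = lcg32_next(x);
        buf[i] = (uint8_t)x;      /* low byte of the state */
    }
    return chi_square_bytes(buf, n);
}

/* Runs test on the lowest bit of n outputs of a generator: count maximal
 * stretches of equal bits. Random bits give roughly n/2 runs; a bit that
 * simply alternates gives exactly n. */
static size_t low_bit_runs(uint32_t (*step)(uint32_t), uint32_t seed, size_t n)
{
    uint32_t x = seed;
    size_t runs = 0;
    int prev = -1;

    for (size_t i = 0; i < n; i++) {
        x = step(x);
        int bit = (int)(x & 1u);
        if (bit != prev) {
            runs++;
            prev = bit;
        }
    }
    return runs;
}

int main(void)
{
    /* seed 12345 is a constructed sample value */
    printf("lcg32 low 1/4/8 bit period: %lu %lu %lu\n",
           lcg32_low_bits_period(12345u, 1), lcg32_low_bits_period(12345u, 4),
           lcg32_low_bits_period(12345u, 8));
    printf("lcg32 low-byte chi-square over 16384 samples: %.1f\n",
           lcg32_low_byte_chi_square(12345u, 16384));
    printf("runs in low bit over 10000 outputs: lcg32=%zu park-miller=%zu\n",
           low_bit_runs(lcg32_next, 12345u, 10000),
           low_bit_runs(pm_next, 12345u, 10000));
    return 0;
}
```

The chi-square of 0.0 is itself the warning sign: a statistic far below its expected value of about 255 is as suspicious as one far above it, and the low-bit runs count of exactly n confirms the structure. Reading the two tests together, rather than declaring the generator "uniform" after the first, is the interpretation step the quoted message asks for.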