From owner-freebsd-current Sun Feb 2 16:56:36 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 00C9F37B401 for ; Sun, 2 Feb 2003 16:56:35 -0800 (PST)
Received: from a.smtp.serv.lythe.org.uk (pc4-oxfd1-6-cust225.oxfd.cable.ntl.com [62.254.141.225]) by mx1.FreeBSD.org (Postfix) with ESMTP id 133F443F3F for ; Sun, 2 Feb 2003 16:56:34 -0800 (PST) (envelope-from ejb@insolence.lythe.org.uk)
Received: from insolence.lythe.org.uk (ejb@localhost [IPv6:::1]) by a.smtp.serv.lythe.org.uk (8.12.6/8.12.6) with ESMTP id h130uW1a005973; Mon, 3 Feb 2003 00:56:32 GMT (envelope-from ejb@insolence.lythe.org.uk)
Received: from localhost (localhost [[UNIX: localhost]]) by insolence.lythe.org.uk (8.12.6/8.12.6/Submit) id h130uWa9005972; Mon, 3 Feb 2003 00:56:32 GMT (envelope-from ejb)
From: Edward Brocklesby
To: Don , current@FreeBSD.ORG
Subject: Re: rand() is broken
Date: Mon, 3 Feb 2003 00:56:32 +0000
User-Agent: KMail/1.5
References: <200302021848.NAA19508@agamemnon.cnchost.com> <200302030026.33781.ejb@lythe.org.uk> <20030202193215.E2519@calis.blacksun.org>
In-Reply-To: <20030202193215.E2519@calis.blacksun.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200302030056.32009.ejb@lythe.org.uk>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Monday 03 February 2003 12:41 am, Don wrote:
> I think Terry mentioned binary packages simply because it is harder to fix
> them than something available as source but I could be mistaken.

Possibly -- if we're looking at this from the point of view of the user of
said binary package, rather than the developer (as I'd assumed), then I see
what you mean (you can do ld hacks and so on, but ..)

> > I'm not sure Yet Another RNG API (of course arc4random() already exists)
> > gains anything unless rand()/random() absolutely cannot be changed; and
> > as I say I'm not convinced this is the case.
>
> I am by no means convinced either. I do, however, think this is something
> that should not be changed without a lot of consideration and testing.

IMHO, it "shouldn't" break things (i.e., things shouldn't be relying on it);
but, well, I can accept there might be something that does. I do find it hard
to believe though; this 'simulation' problem is the first I've heard of it,
and it doesn't look like an insurmountable one.

> Your point about arc4random() is a good one. Why depend on rand() for
> cryptographic randomness when we already have arc4random()?

Because arc4random() is not portable. I would rather rely on the OS having a
useful rand() RNG rather than #ifdef'ing on this that and the other to choose
the correct one.

> > Doesn't even the 0 / RAND_MAX fix change
> > the algorithm? Software which relies on that behaviour will break ..
> > [...] I don't recall advocating that change either.

Well, no -- but are you against it? Where is the line drawn?

Regards,
Edward.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message