[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: $RANDOM not Cryptographically secure pseudorandom number generator
From: |
Eduardo Bustamante |
Subject: |
Re: $RANDOM not Cryptographically secure pseudorandom number generator |
Date: |
Mon, 3 Dec 2018 10:53:01 -0800 |
On Mon, Dec 3, 2018 at 9:36 AM Greg Wooledge <wooledg@eeg.ccf.org> wrote:
>
> On Mon, Dec 03, 2018 at 05:31:18PM +0100, Ole Tange wrote:
> > Luckily I did not just assume that Bash delivers high quality random
> > numbers, but I read the source code, and then found that the quality
> > was low. I do not think must users would do that.
>
> You're correct. Most users would not have to read the source code to
> know that the built-in PRNG in bash (or in libc, or in basically ANY
> other standard thing) is of lower than cryptographic quality.
>
> Most users already KNOW this.
I have to echo this. If you are writing an application that requires
high quality random number, the onus is on YOU to ensure that you're
using quality sources and a good CSRNG. It would be a user mistake to
just use whatever the standard library of the run-time you're using
provides. Do we have to change C's rand() too? Or python's "random"
module? Or perl's "rand"? Or ruby's? (etc etc)
I do agree that adding a note in the manual to this effect would be nice though.
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/02
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/02
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/03
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Greg Wooledge, 2018/12/03
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/03
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/03
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/15
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/16
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/28
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/31
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/17