[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number
|
From: |
Martijn Dekker |
|
Subject: |
Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number generator |
|
Date: |
Mon, 21 Jan 2019 21:46:05 +0000 |
|
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
Op 21-01-19 om 20:12 schreef Chet Ramey:
> On 1/20/19 9:04 PM, Rawiri Blundell wrote:
>> For what it's worth I did consider suggesting URANDOM, however I
>> figured some users may confuse it like this:
>>
>> RANDOM -> /dev/random
>> URANDOM -> /dev/urandom
>>
>> Couple that with an established base of myths about /dev/urandom, I
>> thought it might be best to suggest something else to eliminate that
>> potential confusion.
>
> I can see that, but I think RANDOM is established enough that nobody
> assumes it has anything to do with /dev/random.
Not every shell scripter has years of experience. If you pair a RANDOM
with a URANDOM in the shell, then I do think many people will
automatically associate these with /dev/random and /dev/urandom.
Also, I think the name should describe the functionality, not the
specific way it's obtained -- because that could change at some point in
the future, and/or become system-dependent.
So I think SRANDOM is the best name (or SECURE_RANDOM, though that is a
bit long).
> If we're converging on something like URANDOM (or some other name) for a
> better RNG, I don't see the need to change the RANDOM generator.
FWIW, I agree.
- M.