Re: [Lynx-dev] predictable PRNG used

[Thorsten Glaser]

Michael S. Gilbert dixit:

>it has been discovered that all of the major web browsers use a
>predictable pseudo-random number generator (PRNG).  please see
>reference [0].  lynx is fairly basic, so it may not be affected, but it
>would be useful to check nontheless.  thanks.

If arc4random(3) is available¹, lynx uses it. I sent in a patch
for that years ago. Otherwise, there is no good self-seeding SRNG
available in the standards, so it will use lrand48(3) instead²,
with a fallback to rand(3) like everyone else.

So, basically, lynx uses a good SRNG or PRNG if available from
the OS, and it’s not lynx’ fault if there is none. (After all,
lynx runs on DOS and VMS, too.)

① http://www.mirbsd.org/man3/arc4random
② http://www.mirbsd.org/man3/lrand48

//mirabilos
-- 
“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
        -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2