[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] predictable PRNG used

From: Michael S. Gilbert
Subject: Re: [Lynx-dev] predictable PRNG used
Date: Sun, 5 Jul 2009 13:04:27 -0400

On Sun, 5 Jul 2009 13:08:38 +0000 (UTC) Thorsten Glaser wrote:
> If arc4random(3) is availableĀ¹, lynx uses it. I sent in a patch
> for that years ago. Otherwise, there is no good self-seeding SRNG
> available in the standards, so it will use lrand48(3) insteadĀ²,
> with a fallback to rand(3) like everyone else.

i'm triaging this issue for linux, and i don't believe that it has an
arc4random implementation.  so this would mean that lynx is using the
very insecure linear congruential algorithm and is thus affected by
this issue?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]