lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] predictable PRNG used


From: Thomas Dickey
Subject: Re: [Lynx-dev] predictable PRNG used
Date: Sun, 5 Jul 2009 13:19:17 -0400 (EDT)

On Sun, 5 Jul 2009, Michael S. Gilbert wrote:

On Sun, 5 Jul 2009 13:08:38 +0000 (UTC) Thorsten Glaser wrote:
If arc4random(3) is available┬╣, lynx uses it. I sent in a patch
for that years ago. Otherwise, there is no good self-seeding SRNG
available in the standards, so it will use lrand48(3) instead┬▓,
with a fallback to rand(3) like everyone else.

i'm triaging this issue for linux, and i don't believe that it has an
arc4random implementation.  so this would mean that lynx is using the
very insecure linear congruential algorithm and is thus affected by
this issue?

It depends - lynx's configure script looks for these pairs:

arc4random_push/arc4random
arc4random_stir/arc4random srandom/random
srand48/lrand48
srand/rand

On Debian/testing, it'll use srandom and random, whose manpage says non-linear:

       The random() function uses a non-linear additive feedback random number
       generator employing a default table of size 31 long integers to  return
       successive  pseudo-random numbers in the range from 0 to RAND_MAX.  The
       period of this random number generator  is  very  large,  approximately
       16*((2**31)-1).

--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net

reply via email to

[Prev in Thread] Current Thread [Next in Thread]