Given the number of softwares that are compromised by bad random number generation practices, I'd suggest we invert the normal behavior - random by default. If they need predictability then make them seed with a constant seed.
For a more detailed talk on secure random: https://www.youtube.com/watch?v=n_xiOYvr6oY > Sent: Tuesday, June 13, 2017 at 3:52 PM > From: "Thiago Macieira" <[email protected]> > To: [email protected] > Subject: [Development] What to do with qrand/qsrand? > > I've changed almost all uses of qrand in Qt sources to QRandomGenerator and > eliminated the use of qsrand. That is actually the biggest advantage: not > needing to seed the generator. I was quite surprised how much use of qrand we > have in our own source code, and not just in examples. (See commits with > Change-Id Icd0e0d4b27cb4e5eb892fffd14b5285d43f4afbf). > > Obviously those functions need to remain in Qt 5, but what should we do to > them long-term? See > https://lxr.kde.org/ident?_i=qrand&_remember=1 > > With this many references, I'm not sure we should even add a QT_DEPRECATED > warning to it, since that would make trigger-happy "warning--" developers in > KDE wholesale moving to something else. > > Options: > 1) do nothing, leave as-is (in Qt 6, use thread_local) > > 2) deprecate and provide no replacement. That is, tell people to either: > - use QRandomGenerator if they need true random, non-bulk > - use <random> engines if they need bulk > - use <stdlib.h> rand() if they need C library compatibility > > 3) deprecate and provide a thread-safe PRNG, which can be used in bulk > a) with no seed; or > b) with an access to seeding > > 4) same as #3, but actually use the qrand/qsrand names > for (a), qsrand would be empty > > -- > Thiago Macieira - thiago.macieira (AT) intel.com > Software Architect - Intel Open Source Technology Center > > _______________________________________________ > Development mailing list > [email protected] > http://lists.qt-project.org/mailman/listinfo/development > _______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
