On 06/19/2015 02:43 PM, Greg Troxel wrote:
So moving all srand/rand to random() sounds reasonable. Arguably there should only be a single seeding, but it's not clear to me that quagga is using this in places where cryptographically strong random numbers are needed, vs just avoiding timer synchronization.
If Quagga is calling rand/srand/random in places where cryptographically strong random numbers are needed, that is a serious bug. The PRNGs in common libcs are not cryptographically strong.
_______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
