On Tue, May 17, 2016 at 5:50 PM, Theo de Raadt
wrote:
> > > https://github.com/libressl-portable/portable/tree/master/m4
> > > has autoconf checks with an OS whitelist for arc4random.
> > > It would be nice to keep things similar to these so that
> > > updates can be
> > https://github.com/libressl-portable/portable/tree/master/m4
> > has autoconf checks with an OS whitelist for arc4random.
> > It would be nice to keep things similar to these so that
> > updates can be merged across from newer versions easily.
>
> I disagree.
>
>
> libressl is making
> > Anecdocally, libbsd's arc4random is not necessarily secure. IIUC the
> > code isn't as glaringly dangerous as g_rand*, but it will seed with only
> > the time and PID if other sources fail. I think we should avoid
> > conflating BSDs' arc4randoms with libbsd's.
> >
>
>
> Dmitrij D. Czarkoff wrote:
> > Stuart Henderson said:
> > > glib2 is a pretty clean port patch-wise. This sort of thing would be
> > > better done with proper autoconf etc so it can go upstream.
> >
> > Totally agree. It would be best if upstream would maintain the code.
> > They could benefit
On 2016/05/17 18:16, Michael McConville wrote:
> Dmitrij D. Czarkoff wrote:
> > Stuart Henderson said:
> > > glib2 is a pretty clean port patch-wise. This sort of thing would be
> > > better done with proper autoconf etc so it can go upstream.
> >
> > Totally agree. It would be best if upstream
Dmitrij D. Czarkoff wrote:
> Stuart Henderson said:
> > glib2 is a pretty clean port patch-wise. This sort of thing would be
> > better done with proper autoconf etc so it can go upstream.
>
> Totally agree. It would be best if upstream would maintain the code.
> They could benefit from
Stuart Henderson said:
> glib2 is a pretty clean port patch-wise. This sort of thing would be
> better done with proper autoconf etc so it can go upstream.
Totally agree. It would be best if upstream would maintain the code.
They could benefit from arc4random on other BSDs and libbsd-enabled
glib2 is a pretty clean port patch-wise. This sort of thing would be
better done with proper autoconf etc so it can go upstream.
On 2016/05/05 15:02, Vadim Zhukov wrote:
> 2016-05-05 3:00 GMT+03:00 Michael McConville :
> > I've had this sitting around for a while.
> >
> >
2016-05-05 3:00 GMT+03:00 Michael McConville :
> I've had this sitting around for a while.
>
> GLib's g_rand* functions use a simple Mersenne Twister, and the docs
> warn against their use where strong randomness is needed:
>
>
I've had this sitting around for a while.
GLib's g_rand* functions use a simple Mersenne Twister, and the docs
warn against their use where strong randomness is needed:
https://developer.gnome.org/glib/stable/glib-Random-Numbers.html
g_rand_* are deterministic, while g_random_* are
10 matches
Mail list logo