Re: Want to help upstream software improve their random?

Sent: Friday, December 12, 2014 at 5:02 AM From: Theo de Raadt dera...@cvs.openbsd.org To: t...@cvs.openbsd.org Subject: Want to help upstream software improve their random? Not my business, but how do you handle cases of rand() srand()-like calls from software like awk? What is and what

Re: Want to help upstream software improve their random?

Sent: Friday, December 12, 2014 at 5:02 AM From: Theo de Raadt dera...@cvs.openbsd.org To: t...@cvs.openbsd.org Subject: Want to help upstream software improve their random? Not my business, but how do you handle cases of rand() srand()-like calls from software like awk? awk in

Re: Want to help upstream software improve their random?

Theo de Raadt dera...@cvs.openbsd.org wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers are taken out using rand(),

Re: Want to help upstream software improve their random?

12 дек. 2014 г. 8:04 пользователь Theo de Raadt dera...@cvs.openbsd.org написал: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers

Re: Want to help upstream software improve their random?

On 12 Dec 2014, at 5:02, Theo de Raadt wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers are taken out using rand(),

Re: Want to help upstream software improve their random?

On 12 Dec 2014, at 5:02, Theo de Raadt wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers are taken out using rand(),

Re: Want to help upstream software improve their random?

On 12 Dec 2014, at 5:43, Theo de Raadt wrote: On 12 Dec 2014, at 5:02, Theo de Raadt wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point,

Re: Want to help upstream software improve their random?

On 11 December 2014 at 21:43, Theo de Raadt dera...@cvs.openbsd.org wrote: On 12 Dec 2014, at 5:02, Theo de Raadt wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number

Re: Want to help upstream software improve their random?

There are libraries available which provide arc4random() on Linux, so maybe you find an upstream software provider who is willing to create a dependency on such a library on Linux. Lots of software is doing precisely that, so don't be afraid. Thank you. Are there any specific good

Re: Want to help upstream software improve their random?

On Thu, Dec 11, 2014 at 09:52:46PM -0800, Eugene Yunak wrote: Thank you. Are there any specific good libraries you know of? -- The best the little guy can do is what the little guy does right LibreSSL :-) -Bryan.

Re: Want to help upstream software improve their random?

On Thu, Dec 11, 2014 at 09:52:46PM -0800, Eugene Yunak wrote: Thank you. Are there any specific good libraries you know of? LibreSSL :-) Indeed, if a system has LibreSSL, you will find the arc4random family in -lcrypto.