Re: Want to help upstream software improve their random?

> > Sent: Friday, December 12, 2014 at 5:02 AM > > From: "Theo de Raadt" > > To: t...@cvs.openbsd.org > > Subject: Want to help upstream software improve their random? > > > > Not my business, but how do you handle cases of rand() & srand()-like > calls from software like awk? awk in OpenBSD has

Re: Want to help upstream software improve their random?

> Sent: Friday, December 12, 2014 at 5:02 AM > From: "Theo de Raadt" > To: t...@cvs.openbsd.org > Subject: Want to help upstream software improve their random? > Not my business, but how do you handle cases of rand() & srand()-like calls from software like awk? What is and what should be the res

Re: Want to help upstream software improve their random?

12 дек. 2014 г. 8:04 пользователь "Theo de Raadt" написал: > > In all of these code blocks are a well-known piece of information > (same time on your machine as everywhere else) is being used to seed a > deterministic number generator. > > At some later point, deterministic numbers are taken out u

Re: Want to help upstream software improve their random?

Theo de Raadt wrote: > In all of these code blocks are a well-known piece of information > (same time on your machine as everywhere else) is being used to seed a > deterministic number generator. > > At some later point, deterministic numbers are taken out using rand(), > random(), drand48(), lr

Re: Want to help upstream software improve their random?

> On Thu, Dec 11, 2014 at 09:52:46PM -0800, Eugene Yunak wrote: > > Thank you. Are there any specific good libraries you know of? > > > LibreSSL :-) Indeed, if a system has LibreSSL, you will find the arc4random family in -lcrypto.

Re: Want to help upstream software improve their random?

On Thu, Dec 11, 2014 at 09:52:46PM -0800, Eugene Yunak wrote: > Thank you. Are there any specific good libraries you know of? > > > -- > The best the little guy can do is what > the little guy does right LibreSSL :-) -Bryan.

Re: Want to help upstream software improve their random?

> > There are libraries available which provide arc4random() on Linux, so > > maybe you find an upstream software provider who is willing to create > > a dependency on such a library on Linux. > > > > Lots of software is doing precisely that, so don't be afraid. > > > > > Thank you. Are there any s

Re: Want to help upstream software improve their random?

On 11 December 2014 at 21:43, Theo de Raadt wrote: > > > On 12 Dec 2014, at 5:02, Theo de Raadt wrote: > > > > > In all of these code blocks are a well-known piece of information > > > (same time on your machine as everywhere else) is being used to seed a > > > deterministic number generator. > >

Re: Want to help upstream software improve their random?

On 12 Dec 2014, at 5:43, Theo de Raadt wrote: >> On 12 Dec 2014, at 5:02, Theo de Raadt wrote: >> >>> In all of these code blocks are a well-known piece of information >>> (same time on your machine as everywhere else) is being used to seed a >>> deterministic number generator. >>> >>> At some lat

Re: Want to help upstream software improve their random?

> On 12 Dec 2014, at 5:02, Theo de Raadt wrote: > > > In all of these code blocks are a well-known piece of information > > (same time on your machine as everywhere else) is being used to seed a > > deterministic number generator. > > > > At some later point, deterministic numbers are taken out us

Re: Want to help upstream software improve their random?

On 12 Dec 2014, at 5:02, Theo de Raadt wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers are taken out using rand(), random(),