oss-sec mailing list archives

Re: random number generators - rand(), random(), etc


From: jb <jb.1234abcd () gmail com>
Date: Fri, 7 Nov 2014 21:21:52 +0000 (UTC)

Michal Zalewski <lcamtuf@...> writes:


> https://sourceware.org/ml/libc-alpha/2014-11/msg00143.html
>
> In general, rand() and random() are not backed by cryptosafe PRNGs and
> should not be used for security purposes.
>
> /mz



Well, rand() in Linux and in the ISO C standard is not threadsafe, but random(),
srandom(), etc. in Linux are claimed to be threadsafe:

- pthreads(7) - the function random() is listed as threadsafe
- random(3)
  Multithreading (see pthreads(7))
       The random(), srandom(),  initstate(),  and  setstate()  functions  are
       thread-safe.

But apparently they are not.

A problem?

jb
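
Added example, not part of the original messages: a C sketch of the point quoted above that random() is not backed by a cryptosafe PRNG. It shows that random() output is fully determined by the seed, next to a routine that takes secret bytes from the kernel via /dev/urandom and fails closed. The function names are hypothetical and a Linux system is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose srandom()/random() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fill out[0..n) with random() output after seeding with `seed`.
 * The same seed always yields the same bytes, so this is unfit for secrets. */
void fill_with_random(unsigned seed, unsigned char *out, size_t n)
{
    srandom(seed);
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)(random() & 0xff);
}

/* Returns 1 if two runs with the same seed produce identical output. */
int random_is_reproducible(unsigned seed)
{
    unsigned char a[16], b[16];
    fill_with_random(seed, a, sizeof a);
    fill_with_random(seed, b, sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Fill out[0..n) from the kernel CSPRNG via /dev/urandom.
 * Returns 0 on success, -1 on failure; it never falls back to random(). */
int fill_from_urandom(unsigned char *out, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, n, f);   /* a short read counts as failure */
    fclose(f);
    return got == n ? 0 : -1;
}

int main(void)
{
    unsigned char tok[16];
    printf("random() reproducible from seed: %d\n", random_is_reproducible(1234u));
    if (fill_from_urandom(tok, sizeof tok) != 0) {
        fprintf(stderr, "no kernel randomness available\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof tok; i++)
        printf("%02x", tok[i]);
    putchar('\n');
    return 0;
}
```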


