oss-sec mailing list archives

Re: random number generators - rand(), random(), etc

From: Eric Blake <eblake () redhat com>
Date: Fri, 07 Nov 2014 22:15:27 +0100

On 11/07/2014 09:49 PM, jb wrote:

Hi,
could you please take a look at this ?
https://sourceware.org/ml/libc-alpha/2014-11/msg00143.html


Anything in particular we're supposed to look at?  Besides the obvious
fact that anyone using rand() or random() in a security-conscious
program should be shot, and therefore, any possible bug in the
implementation of these notoriously weak functions shouldn't have any
implication on programs that use secure random number sources?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

random number generators - rand(), random(), etc jb (Nov 07)
- Re: random number generators - rand(), random(), etc Michal Zalewski (Nov 07)
  - Re: random number generators - rand(), random(), etc jb (Nov 07)
    - Re: Re: random number generators - rand(), random(), etc Eric Blake (Nov 07)
- Re: random number generators - rand(), random(), etc Eric Blake (Nov 07)