oss-sec mailing list archives
Re: Re: random number generators - rand(), random(), etc
From: Eric Blake <eblake () redhat com>
Date: Fri, 07 Nov 2014 22:28:37 +0100
On 11/07/2014 10:21 PM, jb wrote:
>> https://sourceware.org/ml/libc-alpha/2014-11/msg00143.html
>>
>> In general, rand() and random() are not backed by cryptosafe PRNGs and
>> should not be used for security purposes.
>>
>> /mz
>
> Well, rand() in Linux and ISO C standard are not threadsafe, but random(),
> srandom(), etc in Linux are claimed to be threadsafe:
> - pthread(7)
>   - the function random() is listed as threadsafe
> - random(3)
>   Multithreading (see pthreads(7))
>   The random(), srandom(), initstate(), and setstate() functions are
>   thread-safe.
>
> But apparently they are not.
> A problem ?

Maybe. But not a security problem, because no security-conscious
program should be using random(). Therefore, I repeat my question -
what do you want this list to do about it? You're not reaching the
right target audience.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org