Subject: Re: arc4random(9)
To: Jason R Thorpe <email@example.com>
From: None <firstname.lastname@example.org>
Date: 05/28/2002 21:52:21
on Tue, May 28, 2002 at 01:06:33PM -0700, Jason R Thorpe wrote:
> We should have a good API for which arc4random() can be a crappy-api-wrapper
> (not only is the name stupid, but how it returns data is also stupid; it
> should just put a pseudo-random data stream into a caller-provided buffer,
> rather than returning a 32-bit value).
What about RAND_bytes(3), etc as provided by openssl? I don't like the naming
convention (nor that "num" is an int.)
The secure programming howto, suggests Yarrow as a good cryptographically
strong PRNG, and also points to the informational RFC 1750.