tech-userlevel archive


Re: randomness (crypto?) code example wanted please?



    Date:        Sun, 25 Jun 2017 14:29:49 -0000 (UTC)
    From:        mlelstv%serpens.de@localhost (Michael van Elst)
    Message-ID:  <oiohct$h3o$1%serpens.de@localhost>

  | What is so bad about rand(3) ?

It has always historically provided horribly non-random "random" numbers.
It just used (and I think still uses, as no-one has ever bothered to fix it)
a poor pseudo-random generating algorithm.

  | $RANDOM doesn't provide anything beyond rand(),

In range of values, no, but I would prefer they be more genuinely
unpredictable - rand() results cycle far too quickly.

  | as you said, it does neither provide crypto strength nor does it
  | guarantee any statistical properties.

That's all true, and I don't propose changing any of that.   But
having $RANDOM simply return 1 each time (or the sequence I showed in
my earlier message) would also meet the definition - after all, in a truly
random environment, either is possible (if hideously unlikely).

That we do not promise something does not mean that we should not do the
best we (reasonably) can.

  | If you don't want to use an obsolete interface, use random() instead.

It isn't the age of the interface, it is the quality of the result.
And it is looking like random() is the way forward.   Though I have
just discovered rand48() (and its siblings) from the SEE ALSO in the
arc4random man page.   We could probably usefully add an Xr to rand48 from
random(3).

Between lrand48() and random() which is preferred?   lrand48 looks
to have a simpler interface (at least there is no initstate() or
setstate() for me to have to attempt to work out whether to use, and if so,
how) but I have no idea which produces results closer to truly random.

kre


