| Path | csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Eduardo Bustamante <dualbus@gmail.com> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: $RANDOM not Cryptographically secure pseudorandom number generator |
| Date | Sun, 2 Dec 2018 20:16:16 -0800 |
| Lines | 29 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.5055.1543810596.1284.bug-bash@gnu.org> (permalink) |
| References | <CA+4vN7zoPwhL5E82pDb=20yk4Dxdj=iRJiY2mmsbAtN1yqSeZw@mail.gmail.com> <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> <CA+4vN7wkuCya7FES1HXiyFTF3a=pkVSdhVCthmjR29OwCAKZng@mail.gmail.com> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| Cc | Chet Ramey <chet.ramey@case.edu>, bug-bash <bug-bash@gnu.org> |
| To | ole@tange.dk |
| Envelope-to | bug-bash@gnu.org |
| In-Reply-To | <CA+4vN7wkuCya7FES1HXiyFTF3a=pkVSdhVCthmjR29OwCAKZng@mail.gmail.com> |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| Xref | csiph.com gnu.bash.bug:14872 |
On Sun, Dec 2, 2018 at 3:14 PM Ole Tange <ole@tange.dk> wrote:
(...)
> Git's use of SHA1 seems to be a prime example of what can go wrong:
> https://shattered.io/

What does a PRNG have to do with a hashing function?

> Can you elaborate on why you think it is a bad idea to change an
> insecure PRNG into a non-broken one?

I think you should elaborate on why you think the current one is "broken", not the other way around, since you're the one claiming that it is broken but haven't really said why that is true.

IMO, Bash's PRNG is decent enough for its intended use. It's definitely not meant to be used for cryptography. If I want a strong random number, I can rely on OpenSSL or the /dev/urandom device.

Also, I don't really see how the code you sent generates a random number:

* How do you seed the initial state?
* How do you convert the 16-element array of 32-bit numbers to an integer in the 0 - 32767 range?

People already expect $RANDOM to behave in a certain way, so you can't really change that interface without breaking stuff. Whatever you use to replace the brand() function should have the same interface.
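The reply above makes two practical points: bash's $RANDOM is fine for its intended use but not for cryptography, and anything that replaces brand() has to keep the same interface (an integer in the 0 - 32767 range). The script below is an added example written for this archive page; it is not code from the thread, from Ole Tange's proposal, or from bash itself. It shows that $RANDOM is reseedable by assignment and therefore reproducible, and it provides a function with the same 0..32767 output range that draws from /dev/urandom instead, built on a general rejection-sampling helper so that arbitrary ranges come out unbiased. The function names (seeded_bash_random, urandom_uint, secure_random_below, secure_random) are this example's own and are not part of bash.

```shell
#!/usr/bin/env bash
# Added example (not from the bug-bash thread or from bash's source).
# Function names are this example's own.

# Bash's built-in generator: assigning to RANDOM reseeds it, so the same
# seed yields the same sequence. Convenient for scripts, useless for keys.
seeded_bash_random() {
    RANDOM=$1
    echo "$RANDOM"
}

# Read N bytes from /dev/urandom and print them as an unsigned decimal.
# od is POSIX; the hex digits are concatenated and converted with printf.
urandom_uint() {
    local nbytes=$1 hex
    hex=$(od -An -N "$nbytes" -tx1 /dev/urandom | tr -d ' \n')
    printf '%d\n' "0x$hex"
}

# Uniform integer in [0, n) from /dev/urandom. A plain "value % n" on a
# 32-bit draw is biased whenever 2^32 is not a multiple of n, so draws at
# or above the largest multiple of n below 2^32 are rejected and redrawn.
secure_random_below() {
    local n=$1 limit v
    limit=$(( (4294967296 / n) * n ))
    while :; do
        v=$(urandom_uint 4)
        if [ "$v" -lt "$limit" ]; then
            echo $(( v % n ))
            return 0
        fi
    done
}

# Same interface as $RANDOM: an integer in 0..32767, but drawn from the
# kernel CSPRNG. For n = 32768 the limit is exactly 2^32, so no draw is
# ever rejected.
secure_random() {
    secure_random_below 32768
}

# Usage when run directly:
#   bash thisfile.sh
# prints one $RANDOM-compatible value and one die roll.
if [ "${0##*/}" != "-bash" ] && [ "$(basename -- "$0")" = "$(basename -- "${BASH_SOURCE:-$0}")" ]; then
    echo "secure_random:          $(secure_random)"
    echo "secure_random_below 6:  $(secure_random_below 6)"
fi
```

The same 0..32767 value can be obtained from OpenSSL with `openssl rand -hex 2` and masking the result to 15 bits, since 65536 is a multiple of 32768 and the low 15 bits of a uniform 16-bit draw are themselves uniform; the rejection-sampling helper above is only needed for ranges that do not divide a power of two.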