From: Eduardo Bustamante
Newsgroups: gnu.bash.bug
Subject: Re: $RANDOM not Cryptographically secure pseudorandom number generator
Date: Sun, 2 Dec 2018 20:16:16 -0800
To: ole@tange.dk
Cc: Chet Ramey, bug-bash
References: <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu>
List-Id: Bug reports for the GNU Bourne Again SHell
Xref: csiph.com gnu.bash.bug:14872

On Sun, Dec 2, 2018 at 3:14 PM Ole Tange wrote:
(...)
> Git's use of SHA1 seems to be a prime example of what can go wrong:
> https://shattered.io/

What does a PRNG have to do with a hashing function?

> Can you elaborate on why you think it is a bad idea to change an
> insecure PRNG into a non-broken one?

I think you should elaborate on why you think the current one is "broken", not the other way around; since you're the one claiming that it is broken, but you haven't really said why that is true.

IMO, Bash's PRNG is decent enough for what its intended use is. It's definitely not meant to be used for cryptography. If I want a strong random number, I can rely on OpenSSL or the /dev/urandom device.

Also, I don't really see how the code you sent generates a random number:

* How do you seed the initial state?
* How do you convert the 16-element array of 32-bit numbers to an integer in the 0 - 32767 range?

People already expect $RANDOM to behave in a certain way, so you can't really change that interface without breaking stuff. Whatever you use to replace the brand() function should have the same interface.
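The reply makes two points a script author can act on directly: strong random numbers should come from the kernel's /dev/urandom rather than from $RANDOM, and anything offered in $RANDOM's place has to keep its interface (an integer in 0 - 32767). The following shell functions are an added example, not code from this thread or from bash itself; they assume a /dev/urandom device and the POSIX od utility, and they show how the two questions raised above (seeding, and mapping raw random bits to the 0 - 32767 range without bias) are answered when the kernel supplies the bits.

```shell
#!/usr/bin/env bash
# Added example (not from the bash-bug thread or bash's source): a
# function with $RANDOM's interface, an integer in 0..32767, whose bits
# come from /dev/urandom. Seeding is not our problem: the kernel seeds
# and reseeds its own generator, which answers the "how do you seed the
# initial state?" question for this approach.

secure_random() {
    local n
    # od -An -tu2 -N2 reads 2 bytes from /dev/urandom and prints them as
    # one unsigned 16-bit integer (0..65535); tr drops od's padding.
    n=$(od -An -tu2 -N2 /dev/urandom | tr -d ' ')
    # Keep the top 15 bits. 65536 is an exact multiple of 32768, so every
    # value in 0..32767 is equally likely: no modulo bias is introduced.
    printf '%d\n' $(( n >> 1 ))
}

# Uniform integer in 0..max for max <= 32767, built on secure_random.
# Draws above the largest multiple of (max+1) that fits in 0..32767 are
# rejected and redrawn; a plain "% (max+1)" would favour small values.
secure_random_range() {
    local max=$1 n limit
    limit=$(( 32768 - 32768 % (max + 1) ))
    while :; do
        n=$(secure_random)
        if [ "$n" -lt "$limit" ]; then
            break
        fi
    done
    printf '%d\n' $(( n % (max + 1) ))
}

# Sanity check usable from a script: is the value an integer in 0..32767?
in_random_range() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 0 ] && [ "$1" -le 32767 ]
}

# Usage, one draw of each kind:
secure_random
secure_random_range 9
```

Both functions spawn a process per draw, so they are far slower than bash's built-in $RANDOM; that is the usual trade for a kernel-backed source in a shell script, and it is why the reply's distinction between "decent for scripting" and "meant for cryptography" matters.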