Path: csiph.com!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail From: Greg Wooledge Newsgroups: gnu.bash.bug Subject: Re: $RANDOM not Cryptographically secure pseudorandom number generator Date: Mon, 3 Dec 2018 12:35:51 -0500 Lines: 11 Approved: bug-bash@gnu.org Message-ID: References: <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: usenet.stanford.edu 1543858571 5118 208.118.235.17 (3 Dec 2018 17:36:11 GMT) X-Complaints-To: action@cs.stanford.edu To: bug-bash@gnu.org Envelope-to: bug-bash@gnu.org Mail-Followup-To: bug-bash@gnu.org Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 139.137.100.1 X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: csiph.com gnu.bash.bug:14889 On Mon, Dec 03, 2018 at 05:31:18PM +0100, Ole Tange wrote: > Luckily I did not just assume that Bash delivers high quality random > numbers, but I read the source code, and then found that the quality > was low. I do not think must users would do that. You're correct. Most users would not have to read the source code to know that the built-in PRNG in bash (or in libc, or in basically ANY other standard thing) is of lower than cryptographic quality. Most users already KNOW this.