Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14890
| Path | csiph.com!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Eduardo Bustamante <dualbus@gmail.com> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: $RANDOM not Cryptographically secure pseudorandom number generator |
| Date | Mon, 3 Dec 2018 10:53:01 -0800 |
| Lines | 23 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.5102.1543864166.1284.bug-bash@gnu.org> (permalink) |
| References | <CA+4vN7zoPwhL5E82pDb=20yk4Dxdj=iRJiY2mmsbAtN1yqSeZw@mail.gmail.com> <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> <CA+4vN7wkuCya7FES1HXiyFTF3a=pkVSdhVCthmjR29OwCAKZng@mail.gmail.com> <fa0b238c-9cb5-a840-ec6b-15cfd11d15cd@case.edu> <CA+4vN7zP26E6o13ysfppv8zjMWDV5BgQNQ1i6GP-3pg_ewVVeA@mail.gmail.com> <20181203173551.rpejfigeboqz6f4v@eeg.ccf.org> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| X-Trace | usenet.stanford.edu 1543864167 7577 208.118.235.17 (3 Dec 2018 19:09:27 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bug-bash <bug-bash@gnu.org> |
| Envelope-to | bug-bash@gnu.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=GEXmwsnzcQWHHPzVYHmGWOFKuxohMxcZGvHzrhmV++w=; b=Ud82cRFvKLLwx61cU5tuhQxiW4fPngkE1c6lJa3ciNs9Cc2lkYHsLZFuop1Br6zy2V e45B2JL4qIe5bOkwYEcv2ruqXVmaUuWg3TgGmCGlW4LaaRikRTdZC0dA3HSia8aBVDXR 2gpMFPmmqv85+Kqhw2eVI/ucEHnOTYOk6ISYgQJ3lwnvihtvjOOIJ4w5w0K/6+aRl+mz gOr+Wh1glYAoaigDpLLTkxYRG6TXDq5CEapLCRMLHa4vHJmBrElf6x7ZwG4yhC20wtRB rl4v2xpp47/8EE2K1ywZsMnT/6xYS/ECKeQ26pF0AfAcigKT86Tx4OlaLzD1ankfpsV5 8FgA== |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=GEXmwsnzcQWHHPzVYHmGWOFKuxohMxcZGvHzrhmV++w=; b=Vq900DgER1WgWPQ7uRysrbzviy2HPZlmIyrBCTNIzoHXo7/H6n5/x4/aGqJgbtoG61 lv5VRb20Mqe6hPuakUptQu8yhDl1RFq6vNPw9aITPBU3KOPk2aZ+PQijCv7Sr2Mx6D+G sqrRD4ovpUXI+CKGQPLIla9Gazm41rP92yFC1r8RBumTrFf+e7YXghd3r5AhpdjRgaZp yMs5qXkwlauNk4LFhg1nJDXc26wKu+rvjNWVDSSiSrebcSxO8uvZ9pTvLdfA7iEhgOYE HDg765gUcJTyntdphrMbu4kVf48LNdnmthP0q2uz9pOoSsXarn4CnOIzqHIjSeh+e6ss 2rHQ== |
| X-Gm-Message-State | AA+aEWaMzQoD7G/auVOmhDrw3EQxYxpU+muFjq3yUVG9G29t1eEygyRo fMmbQrJlkNA8gtgJf03sUrU2ROEhS8dHk5h0CLjW/w== |
| X-Google-Smtp-Source | AFSGD/XkTRetuTUwxt/4Z8E+Ct833H6td25vJFEpRcqwwDUPh3moW2c7J5jkeaio340Wnf4jfLeQjIZMKqJlPNHRKlQ= |
| X-Received | by 2002:a2e:5654:: with SMTP id k81-v6mr10574973ljb.48.1543863193378; Mon, 03 Dec 2018 10:53:13 -0800 (PST) |
| In-Reply-To | <20181203173551.rpejfigeboqz6f4v@eeg.ccf.org> |
| X-detected-operating-system | by eggs.gnu.org: Genre and OS details not recognized. |
| X-Received-From | 2a00:1450:4864:20::231 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:14890 |
Show key headers only | View raw
On Mon, Dec 3, 2018 at 9:36 AM Greg Wooledge <wooledg@eeg.ccf.org> wrote: > > On Mon, Dec 03, 2018 at 05:31:18PM +0100, Ole Tange wrote: > > Luckily I did not just assume that Bash delivers high quality random > > numbers, but I read the source code, and then found that the quality > > was low. I do not think must users would do that. > > You're correct. Most users would not have to read the source code to > know that the built-in PRNG in bash (or in libc, or in basically ANY > other standard thing) is of lower than cryptographic quality. > > Most users already KNOW this. I have to echo this. If you are writing an application that requires high quality random number, the onus is on YOU to ensure that you're using quality sources and a good CSRNG. It would be a user mistake to just use whatever the standard library of the run-time you're using provides. Do we have to change C's rand() too? Or python's "random" module? Or perl's "rand"? Or ruby's? (etc etc) I do agree that adding a note in the manual to this effect would be nice though.
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: $RANDOM not Cryptographically secure pseudorandom number generator Eduardo Bustamante <dualbus@gmail.com> - 2018-12-03 10:53 -0800
csiph-web