Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14891
| From | Chet Ramey <chet.ramey@case.edu> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | Re: $RANDOM not Cryptographically secure pseudorandom number generator |
| Date | 2018-12-03 15:18 -0500 |
| Message-ID | <mailman.5110.1543868300.1284.bug-bash@gnu.org> (permalink) |
| References | <CA+4vN7zoPwhL5E82pDb=20yk4Dxdj=iRJiY2mmsbAtN1yqSeZw@mail.gmail.com> <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> <CA+4vN7wkuCya7FES1HXiyFTF3a=pkVSdhVCthmjR29OwCAKZng@mail.gmail.com> <fa0b238c-9cb5-a840-ec6b-15cfd11d15cd@case.edu> <CA+4vN7zP26E6o13ysfppv8zjMWDV5BgQNQ1i6GP-3pg_ewVVeA@mail.gmail.com> |
On 12/3/18 11:31 AM, Ole Tange wrote: > On Mon, Dec 3, 2018 at 3:56 PM Chet Ramey <chet.ramey@case.edu> wrote: > >> There has to be a compelling reason to change this, especially at a point >> so close to a major release. > > The reason for my submission was that I needed a bunch of random > numbers in a shell script, but I needed them to be high quality. > Luckily I did not just assume that Bash delivers high quality random > numbers, but I read the source code, and then found that the quality > was low. I do not think must users would do that. This is always requirements-driven. Nobody expects to get cryptographic- quality PRNGs out of the shell (or any of the libc interfaces, tbh), and that's never been promised or expected. You can't really expect that from something that only promises 16 bits. However, for common scripting tasks like generating temporary filenames, it's perfectly adequate. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: $RANDOM not Cryptographically secure pseudorandom number generator Chet Ramey <chet.ramey@case.edu> - 2018-12-03 15:18 -0500
csiph-web