Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14919
| From | Eduardo Bustamante <dualbus@gmail.com> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | Re: $RANDOM not Cryptographically secure pseudorandom number generator |
| Date | 2018-12-15 21:41 -0800 |
| Message-ID | <mailman.5792.1544938905.1284.bug-bash@gnu.org> (permalink) |
| References | (2 earlier) <CA+4vN7wkuCya7FES1HXiyFTF3a=pkVSdhVCthmjR29OwCAKZng@mail.gmail.com> <fa0b238c-9cb5-a840-ec6b-15cfd11d15cd@case.edu> <CA+4vN7zP26E6o13ysfppv8zjMWDV5BgQNQ1i6GP-3pg_ewVVeA@mail.gmail.com> <4bc5800d-0dfb-17a5-0b20-9f4bef5a60b6@case.edu> <CA+4vN7yTJRqc=8eCJWQMXu7nZu7ZreLTEp56SC-LTavSVW-d1A@mail.gmail.com> |
On Sat, Dec 15, 2018 at 6:08 PM Ole Tange <tange@gnu.org> wrote: (...) > But your comment actually emphasizes my point: We _will_ have users > who are naive enough to use $RANDOM in ways you and I would not do, > because we know it is unsafe. > > Let's make those usages a little safer. You know no one is stopping you from submitting a patch to actually fix the documentation right? (or maybe, you know, submitting an actual working patch to change the random generator, not just drop some irrelevant code snippet you got from Wikipedia). > And then we simply wait for Shellshock to happen. Also, comparing this to shellshock is a huge strawman. Please don't do that :), we all know better than that.
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: $RANDOM not Cryptographically secure pseudorandom number generator Eduardo Bustamante <dualbus@gmail.com> - 2018-12-15 21:41 -0800
csiph-web