Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14919
| Path | csiph.com!goblin3!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Eduardo Bustamante <dualbus@gmail.com> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: $RANDOM not Cryptographically secure pseudorandom number generator |
| Date | Sat, 15 Dec 2018 21:41:24 -0800 |
| Lines | 18 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.5792.1544938905.1284.bug-bash@gnu.org> (permalink) |
| References | <CA+4vN7zoPwhL5E82pDb=20yk4Dxdj=iRJiY2mmsbAtN1yqSeZw@mail.gmail.com> <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> <CA+4vN7wkuCya7FES1HXiyFTF3a=pkVSdhVCthmjR29OwCAKZng@mail.gmail.com> <fa0b238c-9cb5-a840-ec6b-15cfd11d15cd@case.edu> <CA+4vN7zP26E6o13ysfppv8zjMWDV5BgQNQ1i6GP-3pg_ewVVeA@mail.gmail.com> <4bc5800d-0dfb-17a5-0b20-9f4bef5a60b6@case.edu> <CA+4vN7yTJRqc=8eCJWQMXu7nZu7ZreLTEp56SC-LTavSVW-d1A@mail.gmail.com> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| X-Trace | usenet.stanford.edu 1544938905 24584 208.118.235.17 (16 Dec 2018 05:41:45 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | Chet Ramey <chet.ramey@case.edu>, bug-bash <bug-bash@gnu.org> |
| To | tange@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=u6LeQFNCYeYlWaLueUYzKaD5onrWW6OejTXfYuYrnxk=; b=sFKbmik67/au9U4dXhKktMuidf7a9Cu5FsSakcLlgD5TkcyPPQBuFUa5kYcsVPacE+ MCYXqpgGgZmMLJHBHglVxvoEFM6icHCPAy0F58RzHV58felY/4/vmb07lAmP6sCIUFWI uvCltJj8X1t7vTOFEXWWw63bqFz1+kllKHRlYSbyzRTImNtHyQ3sfJFfCPhke8mZjifs ytLW74lJFSZ46GqgoLOlBpFgW62/Og8B5UnfygidzJKu4vYcJrsuJCmI6Ko63LScdcGD h29yIHL6s0ocKiSoWU8IgH3dFSjSDnMdUHSzJAT1Rg4o2jvTnKLkDSXigY0NaOPJXwrm WT1g== |
| X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=u6LeQFNCYeYlWaLueUYzKaD5onrWW6OejTXfYuYrnxk=; b=EiBT+ur6sxfQwM2KdfNn8pCsRXHpovdal6Sd5/pbefPMwpRK4uLn1pOZAdYShiBjBm qhuMLI0+4Lizb3qcL4PjBuvsxSWDvYv9L9OzMIUdeZp4vogXQkai1PJ4XkkGGRpPpjfg U1JDiNxpbEHCdPtj1uiEQrUOY79kY1j23DxVKGesSdOiA9ZcjbKhNimbYqePpjFNIdFC /heC340X+oE7dHRFErRaWRPDjvHEPWx/6psTVRyD2EQKy8YWwe3s2OWA354bkmzD8epm YC3VNwaVeQt0a1p99mOpZlbneoMcaXIcTHNitM32b/T0YGAUKRR4mRq9hN8DY0OhlcEr mTsg== |
| X-Gm-Message-State | AA+aEWbAACPpdcEb3C3iGRt8iH0Fj9V1F5WbwMS9LGGzU3n1g0dVbP3F rIg3xV8mnMp0x+4djNe+26Zjcm8emllDyYpRajeMw8aJ |
| X-Google-Smtp-Source | AFSGD/Ut8ic4ctjIejjVyOgoFNUMyT+QsrLB2kv1Xjjswtv72i5ktGNadDBKeJbQBPNN3VSK7Xd6DP+y5F7Flvbz/uQ= |
| X-Received | by 2002:a19:c70a:: with SMTP id x10mr4673292lff.88.1544938898930; Sat, 15 Dec 2018 21:41:38 -0800 (PST) |
| In-Reply-To | <CA+4vN7yTJRqc=8eCJWQMXu7nZu7ZreLTEp56SC-LTavSVW-d1A@mail.gmail.com> |
| X-detected-operating-system | by eggs.gnu.org: Genre and OS details not recognized. |
| X-Received-From | 2a00:1450:4864:20::130 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:14919 |
Show key headers only | View raw
On Sat, Dec 15, 2018 at 6:08 PM Ole Tange <tange@gnu.org> wrote: (...) > But your comment actually emphasizes my point: We _will_ have users > who are naive enough to use $RANDOM in ways you and I would not do, > because we know it is unsafe. > > Let's make those usages a little safer. You know no one is stopping you from submitting a patch to actually fix the documentation right? (or maybe, you know, submitting an actual working patch to change the random generator, not just drop some irrelevant code snippet you got from Wikipedia). > And then we simply wait for Shellshock to happen. Also, comparing this to shellshock is a huge strawman. Please don't do that :), we all know better than that.
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: $RANDOM not Cryptographically secure pseudorandom number generator Eduardo Bustamante <dualbus@gmail.com> - 2018-12-15 21:41 -0800
csiph-web