Path: csiph.com!goblin3!goblin1!goblin.stu.neva.ru!usenet.stanford.edu!not-for-mail From: Eduardo Bustamante Newsgroups: gnu.bash.bug Subject: Re: $RANDOM not Cryptographically secure pseudorandom number generator Date: Sat, 15 Dec 2018 21:41:24 -0800 Lines: 18 Approved: bug-bash@gnu.org Message-ID: References: <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> <4bc5800d-0dfb-17a5-0b20-9f4bef5a60b6@case.edu> NNTP-Posting-Host: lists.gnu.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Trace: usenet.stanford.edu 1544938905 24584 208.118.235.17 (16 Dec 2018 05:41:45 GMT) X-Complaints-To: action@cs.stanford.edu Cc: Chet Ramey , bug-bash To: tange@gnu.org Envelope-to: bug-bash@gnu.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=u6LeQFNCYeYlWaLueUYzKaD5onrWW6OejTXfYuYrnxk=; b=sFKbmik67/au9U4dXhKktMuidf7a9Cu5FsSakcLlgD5TkcyPPQBuFUa5kYcsVPacE+ MCYXqpgGgZmMLJHBHglVxvoEFM6icHCPAy0F58RzHV58felY/4/vmb07lAmP6sCIUFWI uvCltJj8X1t7vTOFEXWWw63bqFz1+kllKHRlYSbyzRTImNtHyQ3sfJFfCPhke8mZjifs ytLW74lJFSZ46GqgoLOlBpFgW62/Og8B5UnfygidzJKu4vYcJrsuJCmI6Ko63LScdcGD h29yIHL6s0ocKiSoWU8IgH3dFSjSDnMdUHSzJAT1Rg4o2jvTnKLkDSXigY0NaOPJXwrm WT1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=u6LeQFNCYeYlWaLueUYzKaD5onrWW6OejTXfYuYrnxk=; b=EiBT+ur6sxfQwM2KdfNn8pCsRXHpovdal6Sd5/pbefPMwpRK4uLn1pOZAdYShiBjBm qhuMLI0+4Lizb3qcL4PjBuvsxSWDvYv9L9OzMIUdeZp4vogXQkai1PJ4XkkGGRpPpjfg U1JDiNxpbEHCdPtj1uiEQrUOY79kY1j23DxVKGesSdOiA9ZcjbKhNimbYqePpjFNIdFC /heC340X+oE7dHRFErRaWRPDjvHEPWx/6psTVRyD2EQKy8YWwe3s2OWA354bkmzD8epm YC3VNwaVeQt0a1p99mOpZlbneoMcaXIcTHNitM32b/T0YGAUKRR4mRq9hN8DY0OhlcEr mTsg== X-Gm-Message-State: AA+aEWbAACPpdcEb3C3iGRt8iH0Fj9V1F5WbwMS9LGGzU3n1g0dVbP3F rIg3xV8mnMp0x+4djNe+26Zjcm8emllDyYpRajeMw8aJ X-Google-Smtp-Source: AFSGD/Ut8ic4ctjIejjVyOgoFNUMyT+QsrLB2kv1Xjjswtv72i5ktGNadDBKeJbQBPNN3VSK7Xd6DP+y5F7Flvbz/uQ= X-Received: by 2002:a19:c70a:: with SMTP id x10mr4673292lff.88.1544938898930; Sat, 15 Dec 2018 21:41:38 -0800 (PST) In-Reply-To: X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::130 X-BeenThere: bug-bash@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Bug reports for the GNU Bourne Again SHell List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: csiph.com gnu.bash.bug:14919 On Sat, Dec 15, 2018 at 6:08 PM Ole Tange wrote: (...) > But your comment actually emphasizes my point: We _will_ have users > who are naive enough to use $RANDOM in ways you and I would not do, > because we know it is unsafe. > > Let's make those usages a little safer. You know no one is stopping you from submitting a patch to actually fix the documentation right? (or maybe, you know, submitting an actual working patch to change the random generator, not just drop some irrelevant code snippet you got from Wikipedia). > And then we simply wait for Shellshock to happen. Also, comparing this to shellshock is a huge strawman. Please don't do that :), we all know better than that.