Re: $RANDOM not Cryptographically secure pseudorandom number generator

From	Greg Wooledge <wooledg@eeg.ccf.org>
Newsgroups	gnu.bash.bug
Subject	Re: $RANDOM not Cryptographically secure pseudorandom number generator
Date	2018-12-03 10:03 -0500
Message-ID	<mailman.5083.1543849494.1284.bug-bash@gnu.org> (permalink)
References	<CA+4vN7zoPwhL5E82pDb=20yk4Dxdj=iRJiY2mmsbAtN1yqSeZw@mail.gmail.com> <868cc2da-cf67-298f-4640-ab1afcf857e0@case.edu> <CA+4vN7wkuCya7FES1HXiyFTF3a=pkVSdhVCthmjR29OwCAKZng@mail.gmail.com> <fa0b238c-9cb5-a840-ec6b-15cfd11d15cd@case.edu>

Show all headers | View raw

On Mon, Dec 03, 2018 at 09:56:33AM -0500, Chet Ramey wrote:
> There has to be a compelling reason to change this, especially at a point
> so close to a major release.
> 
> You might be expecting too much from bash's random number generator. Is
> the problem that its period is at most 2**16? For its intended uses, the
> cycle length is acceptable. Do you disagree?

I suspect he doesn't share the same understanding of the "intended
uses" of bash's $RANDOM as the rest of us.

It's meant for displaying a random wallpaper image from a directory,
or for playing a random audio file from a directory.  Or for playing a
number guessing game with a 6 year old.

It is emphatically NOT for generating passwords.

Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread

Thread

Re: $RANDOM not Cryptographically secure pseudorandom number generator Greg Wooledge <wooledg@eeg.ccf.org> - 2018-12-03 10:03 -0500

csiph-web