Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 07 Nov 2014 22:15:27 +0100
From: Eric Blake <eblake@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: random number generators - rand(), random(), etc

On 11/07/2014 09:49 PM, jb wrote:
> Hi,
> could you please take a look at this ?
> https://sourceware.org/ml/libc-alpha/2014-11/msg00143.html

Anything in particular we're supposed to look at?  Besides the obvious
fact that anyone using rand() or random() in a security-conscious
program should be shot, and therefore, any possible bug in the
implementation of these notoriously weak functions shouldn't have any
implication on programs that use secure random number sources?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


Download attachment "signature.asc" of type "application/pgp-signature" (540 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.