Re: arc4random - are you sure we want these?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Le 25/07/2022 à 14:39, Florian Weimer a écrit :
* Jason A. Donenfeld via Libc-alpha:
The performance numbers suggest that we benefit from buffering in user
space.
The question is whether it's safe and advisable to buffer this way in
userspace. Does userspace have the right information now of when to
discard the buffer and get a new one? I suspect it does not.
Not completely, no, but we can cover many cases.  I do not currently see
a way around that if we want to promote arc4random_uniform(limit) as a
replacement for random() % limit.

+1

That the reason I've reviewed the implementation positively: for me arc4random is not about generating secret keys but small integers.
I want to be able to divert developers from
    srand(time(NULL))
    identifier = rand() % 33
to
    identifier = arc4random_uniform(33)

Safe, fast, and reasonably secure.


Regards.


--
Yann Droneaud
OPTEYA





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux