Hi Cristian, On 12/28/22 22:04, Cristian Rodríguez wrote:
On Wed, Dec 28, 2022 at 5:57 PM Alejandro Colomar via Libc-alpha <libc-alpha@xxxxxxxxxxxxxx> wrote:Ahh, I didn't connect the dots the other day! We don't need to wait for glibc. libbsd already provides arc4random on GNU/Linux systems, so I can already recommend using arc4random to seed srand(3). I'll prepare a patch...I would suggest avoiding that, as it suffers from all the problems previously discussed on this list , on the relevant arc4random thread tl;dr , it can't be safe without kernel support, as you need to know when to drop the buffer. (on fork, on resume plus on $deity knows condition for which there is no kernel notification about)
I don't consider rand(3) anything safe or really random, but rather a tool for simulations or debugging where repeatability matters more than anything else.
For anything where randomness matters, arc4random(3) is the way to go. But randomness is not always what you want. What would you recommend for some software where you need to test/simulate many different cases, where you want to be able to repeat the tests?
Maybe we should make clear that rand(3) should never be used unless you want repeatable results. And when randomness matters in some cases, you could add a macro wrapping both rand(3) and arc4random(3), and use the appropriate one.
Cheers, Alex -- <http://www.alejandro-colomar.es/>
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
