Re: $RANDOM not Cryptographically secure pseudorandom number generator

[Eduardo Bustamante]

On Sun, Dec 2, 2018 at 3:14 PM Ole Tange <ole@tange.dk> wrote:
(...)
> Git's use of SHA1 seems to be a prime example of what can go wrong:
> https://shattered.io/

What does a PRNG have to do with a hashing function?

> Can you elaborate on why you think it is a bad idea to change an
> insecure PRNG into a non-broken one?

I think you should elaborate on why you think the current one is
"broken", not the other way around; since you're the one that claiming
that is broken, but haven't really said why that is true.

IMO, Bash's PRNG is decent enough for what its intended use is. It's
definitely not meant to be used for cryptography. If I want a strong
random number, I can rely on OpenSSL or the /dev/urandom device.


Also, I don't really see how the code you sent generates a random number:

* How do you seed the initial state?
* How do you convert the 16-element array of 32-bit numbers to an
integer in the 0 - 32767 range?

People already expect $RANDOM to behave in a certain way, so you can't
really change that interface without breaking stuff. Whatever you use
to replace the brand() function should have the same interface.