Re: $RANDOM not Cryptographically secure pseudorandom number generator

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: $RANDOM not Cryptographically secure pseudorandom number generator

From:	Chet Ramey
Subject:	Re: $RANDOM not Cryptographically secure pseudorandom number generator
Date:	Mon, 3 Dec 2018 09:56:33 -0500
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.2

On 12/2/18 6:13 PM, Ole Tange wrote:
> On Wed, Nov 21, 2018 at 11:45 PM Chet Ramey <chet.ramey@case.edu> wrote:
>> On 11/21/18 3:07 PM, Ole Tange wrote:
>>> 'brand' in variables.c is comparable in size to ChaCha20 and ChaCha20
>>> is not completely broken:
>>> https://en.wikipedia.org/wiki/Salsa20
>>>
>>> Could we please replace 'brand' with ChaCha20?
>>
>> What is your application that you need something more complicated than
>> the existing PRNG?
> 
> I do not have that currently, but it seems like a fairly small change
> and it seems odd to have modern software not use modern algorithms.

There has to be a compelling reason to change this, especially at a point
so close to a major release.

You might be expecting too much from bash's random number generator. Is
the problem that its period is at most 2**16? For its intended uses, the
cycle length is acceptable. Do you disagree?

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/02
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/02
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey <=
  - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Greg Wooledge, 2018/12/03
  - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/03
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Greg Wooledge, 2018/12/03
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/03
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/03
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/15
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/16
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/28
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/31
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/17

Prev by Date: Re: Incorrect path canonicalisation at autocompletion
Next by Date: Re: Incorrect path canonicalisation at autocompletion
Previous by thread: Re: $RANDOM not Cryptographically secure pseudorandom number generator
Next by thread: Re: $RANDOM not Cryptographically secure pseudorandom number generator
Index(es):
- Date
- Thread