Re: $RANDOM not Cryptographically secure pseudorandom number generator

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: $RANDOM not Cryptographically secure pseudorandom number generator

From:	Chet Ramey
Subject:	Re: $RANDOM not Cryptographically secure pseudorandom number generator
Date:	Mon, 3 Dec 2018 15:18:07 -0500
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.2

On 12/3/18 11:31 AM, Ole Tange wrote:
> On Mon, Dec 3, 2018 at 3:56 PM Chet Ramey <chet.ramey@case.edu> wrote:
> 
>> There has to be a compelling reason to change this, especially at a point
>> so close to a major release.
> 
> The reason for my submission was that I needed a bunch of random
> numbers in a shell script, but I needed them to be high quality.
> Luckily I did not just assume that Bash delivers high quality random
> numbers, but I read the source code, and then found that the quality
> was low. I do not think must users would do that.

This is always requirements-driven. Nobody expects to get cryptographic-
quality PRNGs out of the shell (or any of the libc interfaces, tbh), and
that's never been promised or expected. You can't really expect that from
something that only promises 16 bits.

However, for common scripting tasks like generating temporary filenames,
it's perfectly adequate.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/02
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/02
- Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/03
  - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Greg Wooledge, 2018/12/03
  - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/03
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Greg Wooledge, 2018/12/03
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/03
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey <=
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/15
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Eduardo Bustamante, 2018/12/16
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Ole Tange, 2018/12/28
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/31
    - Re: $RANDOM not Cryptographically secure pseudorandom number generator, Chet Ramey, 2018/12/17

Prev by Date: Re: $RANDOM not Cryptographically secure pseudorandom number generator
Next by Date: 'local -' disables alias expansion in scripts
Previous by thread: Re: $RANDOM not Cryptographically secure pseudorandom number generator
Next by thread: Re: $RANDOM not Cryptographically secure pseudorandom number generator
Index(es):
- Date
- Thread