LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

The dangers of weak random numbers

The dangers of weak random numbers

Posted Feb 21, 2008 21:12 UTC (Thu) by liljencrantz (subscriber, #28458)
In reply to: The dangers of weak random numbers by bronson
Parent article: The dangers of weak random numbers 

It's true that the libc developers can't know why you want a random number, it's definitely
also true that one size does not fit all. But the libc implementation is the worst kind of
compromise as it is neither fast nor secure. If you want lots of numbers, you will get a lot
better performance out of e.g. Mersenne twister, and if you want something even remotely
secure, you need to use a special purpose cryptographic algorithm. 

As near as I can tell, the only situation you would ever want to use the libc random number
generator is when you really don't care about either performace or security. Couldn't they at
least have done one of the two?

(Log in to post comments)

The dangers of weak random numbers

Posted Feb 21, 2008 23:06 UTC (Thu) by bronson (subscriber, #4806) [Link] 

That's a good point.  I can't think of a single thing the libc implementation excels at.  I
understand why they punted on security, but that's no reason to punt on everything!

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds