[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] predictable PRNG used

From: Thorsten Glaser
Subject: Re: [Lynx-dev] predictable PRNG used
Date: Sun, 5 Jul 2009 13:08:38 +0000 (UTC)

Michael S. Gilbert dixit:

>it has been discovered that all of the major web browsers use a
>predictable pseudo-random number generator (PRNG).  please see
>reference [0].  lynx is fairly basic, so it may not be affected, but it
>would be useful to check nontheless.  thanks.

If arc4random(3) is available¹, lynx uses it. I sent in a patch
for that years ago. Otherwise, there is no good self-seeding SRNG
available in the standards, so it will use lrand48(3) instead²,
with a fallback to rand(3) like everyone else.

So, basically, lynx uses a good SRNG or PRNG if available from
the OS, and it’s not lynx’ fault if there is none. (After all,
lynx runs on DOS and VMS, too.)


“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
        -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2

reply via email to

[Prev in Thread] Current Thread [Next in Thread]