[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] predictable PRNG used

From: Thomas Dickey
Subject: Re: [Lynx-dev] predictable PRNG used
Date: Sun, 5 Jul 2009 13:19:17 -0400 (EDT)

On Sun, 5 Jul 2009, Michael S. Gilbert wrote:

On Sun, 5 Jul 2009 13:08:38 +0000 (UTC) Thorsten Glaser wrote:
If arc4random(3) is available┬╣, lynx uses it. I sent in a patch
for that years ago. Otherwise, there is no good self-seeding SRNG
available in the standards, so it will use lrand48(3) instead┬▓,
with a fallback to rand(3) like everyone else.

i'm triaging this issue for linux, and i don't believe that it has an
arc4random implementation.  so this would mean that lynx is using the
very insecure linear congruential algorithm and is thus affected by
this issue?

It depends - lynx's configure script looks for these pairs:

arc4random_stir/arc4random srandom/random

On Debian/testing, it'll use srandom and random, whose manpage says non-linear:

       The random() function uses a non-linear additive feedback random number
       generator employing a default table of size 31 long integers to  return
       successive  pseudo-random numbers in the range from 0 to RAND_MAX.  The
       period of this random number generator  is  very  large,  approximately

Thomas E. Dickey

reply via email to

[Prev in Thread] Current Thread [Next in Thread]