[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number

From: Chet Ramey
Subject: Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number generator
Date: Sun, 20 Jan 2019 16:54:29 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.3.3

On 1/20/19 7:52 AM, Rawiri Blundell wrote:

> So it might be a case of restricting the usability of this change to
> newer kernels that have dedicated calls like getrandom() or
> getentropy(), and having to handle detecting/selecting those?
> So if this is an exercise that you're happy to entertain, and without
> wanting to feature-creep too much, why not something like this?

I'd probably start with URANDOM as a 32-bit random integer read as
four bytes from /dev/urandom. It's trivial to create a filename from
that with whatever restrictions (and whatever characters) you want.

> As an aside, I can confirm the findings of a performance difference
> between 4.4 and 5.0 when running the script provided earlier in the
> discussion. At first glance it seems to be due to the switch from the
> old LCG to the current MINSTD RNG, 

There's no switch: the bash-4.4 generator and bash-5.0 generators are
identical. I'll have to do some profiling when I get a chance.


``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    address@hidden    http://tiswww.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]