[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number

From: Greg Wooledge
Subject: Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number generator
Date: Mon, 21 Jan 2019 08:48:15 -0500
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Jan 20, 2019 at 03:39:45PM +0100, Martijn Dekker wrote:
> E.g. to create a random character string for a temporary
> file name, you could do
> filename_suffix() {
>     chars=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
>     length=${#chars}
>     for ((i=0; i<10; i++)) do
>         printf '%s' "${chars:$(( SECURE_RANDOM % length + 1 )):1}"
>     done
> }
> tmpfile=/tmp/myfile.$(filename_suffix)

If we're doing wishlists here, I would much rather have a portable
builtin mktemp command.  Have it work like the Linux mktemp(1) command
(automatically create the file before terminating), and if you want to
put a cherry on top, let it accept and ignore the -c (create) option
for compatibility with the HP-UX mktemp(1) which doesn't create the file
by default.

P.S. yours needs quite a lot more code (perhaps attempting to create
the file with noclobber in effect, or something similar) to be safe.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]