Re: How to generate a random number?

To: <debian-user@lists.debian.org>
Subject: Re: How to generate a random number?
From: "Jeffrey W. Baker" <jwbaker@acm.org>
Date: Thu, 4 Oct 2001 10:36:58 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.33.0110041035280.749-100000@desktop>
In-reply-to: <[🔎] 87elojxtvr.fsf@wesley.springies.com>

On Thu, 4 Oct 2001, Alan Shutko wrote:

> "Jeffrey W. Baker" <jwbaker@acm.org> writes:
>
> > That is an extraordinarily bad idea.  Any person will be able to guess the
> > sequence of random numbers simply by guessing the time at which your
> > program was started.
>
> And the impact of this depends on what the program is used for.  If
> you're seeding the RNG for a crypto program, yes, this is bad.  If
> you're seeding the RNG for a random sig generator, who cares?  Why use
> up entropy for programs which don't need it?

Right, but those conditions weren't explained in the original advice to
use srand(time()).  When someone asks "How do I generate a random number"
I think it's a lot safer to advise /dev/random than time().

In either case I would hope that critical software isn't being written by
people who don't even know how to generate random numbers.

-jwb

Reply to:

Follow-Ups:
- Re: How to generate a random number?
  - From: Liu Tao <debian@0451.com>

References:
- Re: How to generate a random number?
  - From: Alan Shutko <ats@acm.org>

Prev by Date: NIC problems
Next by Date: Re: What to choose
Previous by thread: Re: How to generate a random number?
Next by thread: Re: How to generate a random number?
Index(es):
- Date
- Thread