[openbeos] Re: is rand() really random?

  • From: Jack Lloyd <lloyd@xxxxxxxxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Mon, 12 Apr 2004 13:04:03 -0400

On Fri, Apr 09, 2004 at 07:05:31PM -0400, Michael Phipps wrote:
> Scott is both correct and ... overcautious at the same time.
> A lot of it depends on your needs. If you are trying to do some ultra secure, 

If you need something secure (secure == crypto, etc) then rand() isn't going to
cut it no matter how well it's seeded. At best, srand() lets you put
CHAR_BIT*sizeof(unsigned int) bits of entropy into the RNG, which isn't enough
even with 64-bit ints. And even if it was more, most libc rand() functions
aren't cryptographically secure by any stretch of the imagination.


Other related posts: