@staatsgeheim @canadianbryan No, they weren't. rand() is for REPRODUCIBLE, DETERMINISTIC prng use. Anything using it for entropy is broken.
-
-
Replying to @RichFelker
@staatsgeheim@canadianbryan Things like random image generators where you want to reproduce the same image with the same seed.1 reply 0 retweets 0 likes -
Replying to @RichFelker
@staatsgeheim@canadianbryan Or statistical simulations that need to be reproducible.1 reply 0 retweets 0 likes -
Replying to @staatsgeheim
@staatsgeheim@canadianbryan It's not "backwards compatible" if you need to change correct portable programs to use nonstd obsd apis.3 replies 0 retweets 1 like -
Replying to @RichFelker
@staatsgeheim@canadianbryan These programs are not broken and do not need to be fixed. They are using rand correctly.1 reply 0 retweets 0 likes -
Replying to @RichFelker
@staatsgeheim@canadianbryan The ones that need to be fixed (or preferably rm'd) are the ones using rand() for csprng purposes.2 replies 0 retweets 0 likes -
Replying to @RichFelker
@RichFelker@staatsgeheim@canadianbryan secure by default wins. Deal with it.2 replies 1 retweet 1 like -
Replying to @dakami
@dakami@staatsgeheim@canadianbryan I deal with it by only supporting standards-conforming systems and not using OpenBSD.2 replies 0 retweets 0 likes
@dakami @staatsgeheim @canadianbryan But this is not "secure by default". Dropping a csprng in place of rand() does not make anything secure
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.