You can feed a csPRNG with as few bits as you like. It won't be secure if you seed it but this has no impact on unseeded use (or seeding with a wider seed).
Adding a useless function is a non-breaking change. Not comparable to breaking an existing one.
-
-
Removal of gets was good because it clearly has no valid uses. rand() and mktemp() both have lots of valid uses.
-
In the end, you don't get the big picture. We're doing the changes, we're validating the results, which includes fixing whatever breaks. The cost of fixing visible breakage is waaaay lower than keeping around silent security holes.
-
Putting #pragma poison for rand in default env & requiring manual override would have solved the problem without silent wrong behavior.
-
show us practical examples of wrong behavior, please. Not theoretical discussion. Actual programs that already exist that break silently and that we haven't fixed. As opposed to actual programs that were silently broken and that our change fixed.
-
Gimp filters. Oh, I love that effect I just got but I meant to ______ first. Let's undo and redo.
-
"Shiiiiiiit, that effect was cryptographic quality noise produced, not the deterministic sequence it was supposed to be."
-
LOL. Seriously, you saw that one happen, or are you talking out of your ass ?
-
Like, give me a specific CONCRETE filter you use in gimp that's affected by our non-deterministic random. Or it did not happen.