BugTraq
Flaw in commonly used bash random seed method Apr 02 2006 03:12AM
coderpunk (coderpunk gmail com) (1 replies)
Re: Flaw in commonly used bash random seed method Apr 03 2006 07:56PM
Matthijs (thotter gmail com) (2 replies)
Re: Flaw in commonly used bash random seed method Apr 04 2006 01:22PM
Dave Korn (davek_throwaway hotmail com) (1 replies)
Re: Flaw in commonly used bash random seed method Apr 05 2006 05:32PM
Steve VanDevender (stevev hexadecimal uoregon edu)
Re: Flaw in commonly used bash random seed method Apr 04 2006 08:21AM
Dave English (dave english thus net) (1 replies)
In message
<a260a2190604031256g23cf3645s348f829530982b38 (at) mail.gmail (dot) com [email concealed]>, Matthijs
<thotter (at) gmail (dot) com [email concealed]> writes

>By the way, if the random function can only generate numbers between 0
>and 32767, won't 2 bytes be enough then? The algorithm will perform a
>modulo calculation anyway, so 4 bytes won't really add anything. Of
>course, it is much better then only one byte.

That will depend on whether the state stored between calls to the PRNG
is only 15-bits, or something larger.

If more state is stored than is enumerated in the result, then the
generator should have more points on its sequence than 32768 . In that
case then, seeding with more than 15 bits would be worthwhile.

I have not looked at Bash myself, to see what it actually does
--
Dave English Senior Software & Systems Engineer
Internet Platform Development, Thus plc
-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.5.5

iQA/AwUARDIskv6KvPRE3w75EQKoagCfY3eC7QzMG8x+LfzgyVHzkFvquUIAn34K
dZgH9F5q3beV4nVhha/qFFG5
=r8vy
-----END PGP SIGNATURE-----

[ reply ]
Re: Flaw in commonly used bash random seed method Apr 04 2006 02:47PM
Matthijs (thotter gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus