Add a prominent warning about these functions' unsuitability for

cryptographic purposes, and recommend using arc4random(3) instead.

1 files changed, 10 insertions, 7 deletions

diff --git a/lib/libc/stdlib/random.3 b/lib/libc/stdlib/random.3
index c6502bf..612a37e 100644
--- a/lib/libc/stdlib/random.3
+++ b/lib/libc/stdlib/random.3
@@ -53,6 +53,14 @@
 .Ft char *
 .Fn setstate "char *state"
 .Sh DESCRIPTION
+.Bf -symbolic
+The functions described in this manual page are not cryptographically
+secure.
+Cryptographic applications should use
+.Xr arc4random 3
+instead.
+.Ef
+.Pp
 The
 .Fn random
 function
@@ -98,10 +106,8 @@ as the seed.
 .Pp
 The
 .Fn srandomdev
-routine initializes a state array using the
-.Xr random 4
-random number device which returns good random numbers,
-suitable for cryptographic use.
+routine initializes a state array using data from
+.Xr random 4 .
 Note that this particular seeding
 procedure can generate states which are impossible to reproduce by
 calling
@@ -191,6 +197,3 @@ The historical implementation used to have a very weak seeding; the
 random sequence did not vary much with the seed.
 The current implementation employs a better pseudo-random number
 generator for the initial state calculation.
-.Pp
-Applications requiring cryptographic quality randomness should use
-.Xr arc4random 3 .