diff options
| author | des <des@FreeBSD.org> | 2012-09-04 21:40:53 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2012-09-04 21:40:53 +0000 |
| commit | 2d0a5cb1e0e9d676c2b3e5999c28379692844fe9 (patch) | |
| tree | 5c7773f188d47ed604cda96e02f329d653214533 /lib/libc | |
| parent | dec17a5bb53dc001725a88fd95fc97330c8dea34 (diff) | |
| download | FreeBSD-src-2d0a5cb1e0e9d676c2b3e5999c28379692844fe9.zip FreeBSD-src-2d0a5cb1e0e9d676c2b3e5999c28379692844fe9.tar.gz | |
Add a prominent warning about these functions' unsuitability for
cryptographic purposes, and recommend using arc4random(3) instead.
Diffstat (limited to 'lib/libc')
| -rw-r--r-- | lib/libc/stdlib/rand.3 | 13 | ||||
| -rw-r--r-- | lib/libc/stdlib/random.3 | 17 |
2 files changed, 17 insertions, 13 deletions
diff --git a/lib/libc/stdlib/rand.3 b/lib/libc/stdlib/rand.3 index 3eb1a1d..6805073 100644 --- a/lib/libc/stdlib/rand.3 +++ b/lib/libc/stdlib/rand.3 @@ -55,9 +55,15 @@ .Fn rand_r "unsigned *ctx" .Sh DESCRIPTION .Bf -symbolic +The functions described in this manual page are not cryptographically +secure. +Cryptographic applications should use +.Xr arc4random 3 +instead. +.Ef +.Pp These interfaces are obsoleted by .Xr random 3 . -.Ef .Pp The .Fn rand @@ -88,9 +94,6 @@ The function initializes a seed using the .Xr random 4 random number device which returns good random numbers. -However, the -.Fn rand -function still remains unsuitable for cryptographic use. .Pp The .Fn rand_r @@ -105,8 +108,6 @@ For better generator quality, use .Xr random 3 or .Xr lrand48 3 . -Applications requiring cryptographic quality randomness should use -.Xr arc4random 3 . .Sh SEE ALSO .Xr arc4random 3 , .Xr lrand48 3 , diff --git a/lib/libc/stdlib/random.3 b/lib/libc/stdlib/random.3 index c6502bf..612a37e 100644 --- a/lib/libc/stdlib/random.3 +++ b/lib/libc/stdlib/random.3 @@ -53,6 +53,14 @@ .Ft char * .Fn setstate "char *state" .Sh DESCRIPTION +.Bf -symbolic +The functions described in this manual page are not cryptographically +secure. +Cryptographic applications should use +.Xr arc4random 3 +instead. +.Ef +.Pp The .Fn random function @@ -98,10 +106,8 @@ as the seed. .Pp The .Fn srandomdev -routine initializes a state array using the -.Xr random 4 -random number device which returns good random numbers, -suitable for cryptographic use. +routine initializes a state array using data from +.Xr random 4 . Note that this particular seeding procedure can generate states which are impossible to reproduce by calling @@ -191,6 +197,3 @@ The historical implementation used to have a very weak seeding; the random sequence did not vary much with the seed. The current implementation employs a better pseudo-random number generator for the initial state calculation. -.Pp -Applications requiring cryptographic quality randomness should use -.Xr arc4random 3 . |
