On Saturday, 23 July 2005 at 13:09:41 -0600, M. Warner Losh wrote: > In message: <20050723064449.GZ842_at_wantadilla.lemis.com> > "Greg 'groggy' Lehey" <grog_at_freebsd.org> writes: >> You should take a look at what I committed. It simply uses the >> microsecond value returned by getlocaltime() for the automatic seeding >> by srandomdev(). It fixes the problem. I can see only two >> explanations: >> >> 1. srandomdev(), random(4) or friends are broken. >> 2. random(4) has been initialized incorrectly. >> >> Currently I'm guessing (2), but I don't care much either way. > > When sradnomdev() is broken, *DO*NOT* kludge around them by > committing half-baked "fixes" like you did. This code is good enough for fortune. Nobody's claiming that it's a solution to random number generation. Others should look at that aspect, not get involved in a commit war. > It is broken. We need to find out the *REAL* cause of the problem. Agreed. Is anybody doing that? It's not my area. > If Rush gets more quotes than normal, and that annoys people to find > the real problem, we shouldn't mask it. It is a really bad choice > from a security point of view. So it's better to back perfectly valid code rather than to look for the real culprit? What kind of security is that? Greg -- The virus once contained in this message has lost interest in life, shrivelled up and died. LEMIS anti-virus has given it an appropriate burial. For further details see http://www.lemis.com/grog/lemis-virus.html Finger grog_at_lemis.com for PGP public key. See complete headers for address and phone numbers.
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:39 UTC