| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | hf0722x(at)protecting(dot)net |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Random not so random |
| Date: | 2004-10-05 14:37:00 |
| Message-ID: | 14618.1096987020@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Harald Fuchs <hf0722x(at)protecting(dot)net> writes:
>> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>>> It might improve matters to make the code do something like
>>>> srandom((unsigned int) (now.tv_sec ^ now.tv_usec));
> I think we don't need the randomness provided by /dev/[u]random. How
> about XORing in getpid?
That sounds like a fine compromise --- it'll ensure a reasonable-size
set of possible seeds, it's at least marginally less predictable than
now.tv_sec, and it's perfectly portable. No one in their right mind
expects random(3) to be cryptographically secure anyway, so doing more
doesn't seem warranted.
The various proposals to create a more-secure, less-portable variant
of random() don't seem appropriate to me for beta. But I'd not object
to someone whipping up a contrib module for 8.1 or beyond.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Csaba Nagy | 2004-10-05 14:41:28 | Re: Mailing |
| Previous Message | Todd P Marek | 2004-10-05 14:32:10 | Mailing |