arc4random - are you sure we want these?

Yann Droneaud ydroneaud@opteya.com
Tue Jul 26 14:35:40 GMT 2022


Hi,

On 25/07/2022 at 14:39, Florian Weimer wrote:
> * Jason A. Donenfeld via Libc-alpha:
>>> The performance numbers suggest that we benefit from buffering in user
>>> space.
>> The question is whether it's safe and advisable to buffer this way in
>> userspace. Does userspace have the right information now of when to
>> discard the buffer and get a new one? I suspect it does not.
> Not completely, no, but we can cover many cases.  I do not currently see
> a way around that if we want to promote arc4random_uniform(limit) as a
> replacement for random() % limit.

+1

That's the reason I've reviewed the implementation positively: for me
arc4random is not about generating secret keys but small integers.
I want to be able to divert developers from
     srand(time(NULL))
     identifier = rand() % 33
to
     identifier = arc4random_uniform(33)

Safe, fast, and reasonably secure.


Regards.


-- 
Yann Droneaud
OPTEYA
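
Added example, not part of the original message and not glibc's implementation: it shows what the `srand(time(NULL))` / `rand() % 33` pattern gives up (a replayable seed and uneven residues) and one classic rejection-sampling way to draw an unbiased bounded value. The names `modulo_hits`, `seed_replays`, `replay_next` and `uniform_below` are hypothetical, and the raw inputs are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Of `range` equally likely raw outputs 0..range-1, how many land on
   residue r under "raw % limit"? Low residues get one extra hit
   whenever limit does not divide range. */
static uint64_t modulo_hits(uint64_t range, uint32_t limit, uint32_t r)
{
    return range / limit + (r < range % limit ? 1 : 0);
}

/* Reseeding with the same value replays the same identifier, so a
   time(NULL) seed is only as secret as the process start time. */
static int seed_replays(unsigned seed, int limit)
{
    srand(seed);
    int first = rand() % limit;
    srand(seed);
    return first == rand() % limit;
}

/* Constructed 32-bit source for the demo: replays a fixed list. */
struct replay { const uint32_t *vals; size_t pos; };
static uint32_t replay_next(void *p)
{
    struct replay *s = p;
    return s->vals[s->pos++];
}

/* Uniform value in [0, limit): discard the first 2^32 % limit raw
   values so every residue keeps the same number of raw inputs. */
static uint32_t uniform_below(uint32_t (*next32)(void *), void *st, uint32_t limit)
{
    if (limit < 2)
        return 0;
    uint32_t min = (0u - limit) % limit;   /* == 2^32 % limit */
    uint32_t r;
    do { r = next32(st); } while (r < min);
    return r % limit;
}

int main(void)
{
    static const uint32_t raw[] = { 3, 0, 37 };   /* constructed input */
    struct replay src = { raw, 0 };
    printf("hits for residue 0: %llu, for 32: %llu; seed replays: %d; draw: %u\n",
           (unsigned long long)modulo_hits(2147483648ULL, 33, 0),
           (unsigned long long)modulo_hits(2147483648ULL, 33, 32),
           seed_replays(12345u, 33), uniform_below(replay_next, &src, 33));
    return 0;
}
```

The range 2147483648 assumes a 31-bit `rand()` (RAND_MAX of 2147483647); with limit 33 the skew is small, but it grows as the limit approaches the range.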



