it is 2014, and we still need to encourage people away from srand()

and random().  Sigh.

diff --git a/lib/libc/stdlib/rand.3 b/lib/libc/stdlib/rand.3
index 7539597..be5481b 100644 (file)
--- a/lib/libc/stdlib/rand.3
+++ b/lib/libc/stdlib/rand.3
@@ -29,9 +29,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"    $OpenBSD: rand.3,v 1.15 2014/04/07 17:57:56 schwarze Exp $
+.\"    $OpenBSD: rand.3,v 1.16 2014/07/17 23:12:28 deraadt Exp $
 .\"
-.Dd $Mdocdate: April 7 2014 $
+.Dd $Mdocdate: July 17 2014 $
 .Dt RAND 3
 .Os
 .Sh NAME
@@ -50,7 +50,10 @@
 .Sh DESCRIPTION
 .Bf -symbolic
 These interfaces are obsoleted by
-.Xr random 3 .
+.Xr random 3 ,
+which is also unsafe.
+Consider using
+.Xr arc4random 3 .
 .Ef
 .Pp
 The

diff --git a/lib/libc/stdlib/random.3 b/lib/libc/stdlib/random.3
index 2bac417..1223745 100644 (file)
--- a/lib/libc/stdlib/random.3
+++ b/lib/libc/stdlib/random.3
@@ -25,9 +25,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"    $OpenBSD: random.3,v 1.23 2014/07/13 14:25:00 tedu Exp $
+.\"    $OpenBSD: random.3,v 1.24 2014/07/17 23:12:28 deraadt Exp $
 .\"
-.Dd $Mdocdate: July 13 2014 $
+.Dd $Mdocdate: July 17 2014 $
 .Dt RANDOM 3
 .Os
 .Sh NAME
@@ -50,6 +50,12 @@
 .Ft char *
 .Fn setstate "char *state"
 .Sh DESCRIPTION
+.Bf -symbolic
+This interface is not cryptographically secure, so consider using 
+.Xr arc4random 3
+instead.
+.Ef
+.Pp
 The
 .Fn random
 function uses a non-linear additive feedback random number generator employing