From: deraadt Date: Fri, 12 Feb 2021 17:03:51 +0000 (+0000) Subject: Some people still argue that rand(3) and random(3) have suitable deterministic X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=70d9094f4044ec4d667009ef66d835cce8e9a22a;p=openbsd Some people still argue that rand(3) and random(3) have suitable deterministic use cases, so explain the situation a bit more. Since the 80's, I estimate around 5 algorithm changes, so any chosen seed is unrepeatable UB. +The deterministic sequence algorithm changed a number of times since +original development, is underspecified, and should not be relied upon to +remain consistent between platforms and over time. ok jmc kettenis --- diff --git a/lib/libc/stdlib/rand.3 b/lib/libc/stdlib/rand.3 index 2fd88ac8a4b..76278c871ab 100644 --- a/lib/libc/stdlib/rand.3 +++ b/lib/libc/stdlib/rand.3 @@ -29,9 +29,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: rand.3,v 1.19 2014/12/09 21:55:39 jmc Exp $ +.\" $OpenBSD: rand.3,v 1.20 2021/02/12 17:03:51 deraadt Exp $ .\" -.Dd $Mdocdate: December 9 2014 $ +.Dd $Mdocdate: February 12 2021 $ .Dt RAND 3 .Os .Sh NAME @@ -78,6 +78,9 @@ can be substituted for then subsequent .Fn rand calls will return results using the deterministic algorithm. +The deterministic sequence algorithm changed a number of times since +original development, is underspecified, and should not be relied upon to +remain consistent between platforms and over time. .Pp The .Fn rand diff --git a/lib/libc/stdlib/random.3 b/lib/libc/stdlib/random.3 index 020c72805f1..0770d20f09b 100644 --- a/lib/libc/stdlib/random.3 +++ b/lib/libc/stdlib/random.3 @@ -25,9 +25,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: random.3,v 1.28 2014/12/09 21:55:39 jmc Exp $ +.\" $OpenBSD: random.3,v 1.29 2021/02/12 17:03:51 deraadt Exp $ .\" -.Dd $Mdocdate: December 9 2014 $ +.Dd $Mdocdate: February 12 2021 $ .Dt RANDOM 3 .Os .Sh NAME @@ -96,6 +96,9 @@ a default table of size 31 long integers to return successive pseudo-random numbers in the range from 0 to (2**31)\-1. The period of this random number generator is very large, approximately 16*((2**31)\-1), but the results are a deterministic sequence from the seed. +The deterministic sequence algorithm changed a number of times since +original development, is underspecified, and should not be relied upon to +remain consistent between platforms and over time. .Pp The .Fn initstate