[Development] What to do with qrand/qsrand?
Thiago Macieira
thiago.macieira at intel.com
Wed Jun 14 17:45:01 CEST 2017
On quarta-feira, 14 de junho de 2017 08:26:50 PDT Jason H wrote:
> Given the number of softwares that are compromised by bad random number
> generation practices, I'd suggest we invert the normal behavior - random by
> default. If they need predictability then make them seed with a constant
> seed.
That is why I added QRandomGenerator, which has a (reasonably) secure default
behaviour. But it will degrade if you abuse it.
The question though is what to do with qrand. Code using it is not secure at
all, so does it matter if we change it?
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Development
mailing list