On Sun, Feb 16, 2003 at 22:08:10 -0800, Kris Kennaway wrote: > when they should not. I've given examples of two of them, and there > are probably lots of others I haven't noticed. For example, I just > checked, and libICE appears to use rand() for cookie generation. This > is completely bogus, and insecure.
Usually applications we build (like awk, etc.) could be fixed by simple one line change: srand(something) -> sranddev() It completely eliminates first value correlation problem. -- Andrey A. Chernov http://ache.pp.ru/
msg52685/pgp00000.pgp
Description: PGP signature