> if we're talking about pushing arc4random patches upstream (which might > be on the cards for various ports with the APIWARN for random() and > friends) I wonder if it might be a good time to consider alternative > (non-cipher-specific) function names, otherwise I suspect we are going > to get pointed at the libottery faq quite often..
So just recommend a better name, and we can start the transition to a new name yesterday. None of us cares about *the cipher it uses inside* -- we care about what it promises other than that, which is something libottery also fails to solve: https://github.com/nmathewson/libottery/blob/master/src/ottery_osrng.c Yes, I see the rdrand for some platforms. But I also see the /dev/urandom for other platforms, which means it fails to solve the problem entirely. Yes, yes yes, that means arc4random() is screwed on other platforms too. But on all those systems the RC4 part of it is *THE LEAST OF THE WORRY FOR MUCH SOFTWARE*. /dev/*random is not a standard interface; nor is rdrand.
