> On Mon, Mar 31, 2014 at 20:19, Stuart Henderson wrote: > > On 2014/03/31 20:58, Christian Weisgerber wrote: > >> security/samhain has been broken since the removal of sum(1). > >> > >> The problem is the c_random.sh script, which returns a 16-bit random > >> number in decimal. Unless I'm missing something obvious, this is > >> surprisingly difficult to do in a semi-portable fashion at the shell > >> level. > >> > >> I've settled on > >> printf %d `openssl rand -hex 2` > >> > >> The other part is just re-indentation. > >> > >> OK? Better ideas? > > > > I wondered about just doing $((RANDOM+RANDOM)) but don't know the > > pros and cons of that approach - it's not exactly arc4random_uniform.. > > Right, that's not uniform at all. > > $RANDOM * 2 + $RANDOM % 2 is approximately uniform.
Not everything has to be uniform.
