
Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.lang.c      Meh, in C you gotta define EVERYTHING      243,242 messages   


   Message 242,593 of 243,242   
   BGB to Michael Sanders   
   Re: srand(0)   
   24 Dec 25 23:35:55   
   
   From: cr88192@gmail.com   
      
   On 12/23/2025 8:55 AM, Michael Sanders wrote:   
   > On Tue, 23 Dec 2025 02:17:01 -0000 (UTC), Lawrence D’Oliveiro wrote:   
   >   
   >> On Tue, 23 Dec 2025 00:39:49 -0000 (UTC), John McCue wrote:   
   >>   
   >>> I like to just read /dev/urandom when I need a random number. Seems   
   >>> easier and more portable across Linux & the *BSDs.   
   >>   
   >> Not to mention a lot stronger, cryptographically.   
   >   
   > No srand() combined with crypto on my end. Sounds like an invitation   
   > to get hacked from everything I've ever read about mixing the two.   
   >   
      
   While arguably a typical C library "rand()" isn't that strong, if one   
   has a number sequence of output random digits, it might still take an   
   impractical amount of time to brute-force search the entire seed space   
   for a 64-bit seed.   
      
      
   So, for example, if used to encrypt a point-to-point session, it is   
   likely whatever session would have ended long before the attacker could   
   brute-force the pattern.   
      
   And, AFAIK, with a typical LCG there is no good way to feed the numbers   
   back into the RNG to get back the seed (though, such a strategy is   
   possible with some of my shift-and-XOR RNGs, but these are usually more   
   intended to generate numbers faster, as the C library "rand()" is   
   sometimes not fast enough...).   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   



(c) 1994,  bbs@darkrealms.ca