Just how bad is the Microsoft Visual C++ 6 rand function, anyway?

Trei, Peter ptrei at rsasecurity.com
Tue May 21 11:52:01 EDT 2002

Now, I'm sure no one on this list would trust MSVC6 rand() for anything
important, but this post from sci crypt (which I have not cofirmed)
may be of interest:

Peter Trei

- start quote ---------------------

Newsgroups: sci.crypt, sci.crypt.random-numbers
Subject: Warning: MSVC6 rand function
Message-ID: <fu9G8.288206$tt4.19380223 at e3500-atl2.usenetserver.com>
Organization:  Bellsouth.Net
Date:  Mon, 20 May 2002 12:31:09 -0400

In case anyone's interested, the rand() function that ships in the C runtime
library with Microsoft Visual Studio 6.0 is a *15-bit* LC-PRNG.  Not only
that, but the most significant bit, which is also the most random bit in an
LC-PRNG, is discarded by masking.

Code snippet follows:

int __cdecl rand (void)
        return(((holdrand = holdrand * 214013L + 2531011L) >> 16) & 0x7fff);

- end quote ---------------------------

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list