[Cryptography] CSPRNG for password salt

Christian Huitema huitema at huitema.net
Thu Aug 21 01:28:02 EDT 2014


> Replacing a simple design with a more complex one "just because you have
> the parts around" adds to risk, it doesn't ameliorate it.

Not if you look at the bigger picture. There are so many cases in which
using "rand()" is problematic that our secure development guidelines just
ban it. Our developers get a simple message: if you want random numbers, use
"cryptogenrandom()," do not use "rand()." In fact, automated verification
will reject your commit if you try to slip in a banned API like "rand()" or
"strcpy()." This is much simpler than trying to explain that "rand()" is OK
in some places, but not in others, and you should do a case study...

The only exception may be scientific computations, simulations in which you
want to ensure that a known seed produces a predictable sequence of pseudo
random numbers. But then, you don't want to use rand() either, because the
period is way too short. You will probably end up with a Mersenne twister.

-- Christian Huitema
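An added illustration of the two practices the post describes, written for this page rather than taken from the post or from any real policy checker: a small banned-API scan of the kind an automated commit check might run (the banned list and the sample C file are constructed assumptions), alongside salt generation from the OS CSPRNG via Python's `secrets` module and a PBKDF2 password hash so the salt is used the way the thread subject implies.

```python
import re
import secrets
import hashlib

# Banned APIs, in the spirit of the commit check described in the post.
# The list and the advice strings are assumptions made for this example.
BANNED_APIS = {
    "rand": "use a CSPRNG (os.urandom / secrets) instead",
    "srand": "seeding rand() does not make its output unpredictable",
    "strcpy": "unbounded copy; use a length-checked alternative",
}

# Matches a call to a banned identifier; \b stops "brand(" from matching "rand(".
_CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, BANNED_APIS)) + r")\s*\(")


def find_banned_calls(source: str):
    """Return (line_number, api, advice) for every banned call in source.
    Text after a '//' line comment is ignored so advice in a comment does not trigger."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # crude comment stripping, enough for the sample
        for m in _CALL_RE.finditer(code):
            api = m.group(1)
            hits.append((lineno, api, BANNED_APIS[api]))
    return hits


def check_commit(source: str) -> bool:
    """True when the source passes the policy (no banned calls at all)."""
    return not find_banned_calls(source)


def make_salt(nbytes: int = 16) -> bytes:
    """Fresh per-password salt drawn from the OS CSPRNG, never from rand()/random."""
    return secrets.token_bytes(nbytes)


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; same password + same salt gives the same digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed sample of a C file a developer might try to commit.
SAMPLE_C = """\
#include <stdlib.h>
#include <string.h>
// rand() is banned here, even for "just a salt"
static void make_salt(unsigned char *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = rand() & 0xff;
}
static void copy_name(char *dst, const char *src) { strcpy(dst, src); }
"""

if __name__ == "__main__":
    for lineno, api, advice in find_banned_calls(SAMPLE_C):
        print(f"line {lineno}: {api}() is banned: {advice}")
    salt = make_salt()
    print("salt:", salt.hex())
    print("hash:", hash_password("correct horse", salt).hex())
```

The scan flags the `rand()` on line 5 and the `strcpy()` on line 7 of the sample but not the mention in the comment on line 3; `check_commit` is the single yes/no a pre-commit hook would act on, which is the simplicity the post argues for over case-by-case review.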