On Thu, 4 Oct 2001, Alan Shutko wrote:

> "Jeffrey W. Baker" <[EMAIL PROTECTED]> writes:
>
> > That is an extraordinarily bad idea. Any person will be able to guess the
> > sequence of random numbers simply by guessing the time at which your
> > program was started.
>
> And the impact of this depends on what the program is used for. If
> you're seeding the RNG for a crypto program, yes, this is bad. If
> you're seeding the RNG for a random sig generator, who cares? Why use
> up entropy for programs which don't need it?

Right, but those conditions weren't explained in the original advice to use srand(time()). When someone asks "How do I generate a random number" I think it's a lot safer to advise /dev/random than time(). In either case I would hope that critical software isn't being written by people who don't even know how to generate random numbers.

-jwb
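An added example, not part of the original thread: a C sketch of the point under discussion, showing that a token derived from srand(time()) is reproduced by trying the start times in a one-hour window either side, next to seeding from /dev/random as the reply suggests. The function names, token format and start time are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define TOKEN_LEN 16
static const char ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/* Weak pattern from the thread: every output is a function of the seed alone. */
void token_from_seed(unsigned seed, char out[TOKEN_LEN + 1]) {
    srand(seed);
    for (int i = 0; i < TOKEN_LEN; i++)
        out[i] = ALPHABET[rand() % (sizeof ALPHABET - 1)];
    out[TOKEN_LEN] = '\0';
}

/* Try each start time in [lo, hi]; return 1 and the seed if one reproduces the token. */
int find_seed(const char *token, time_t lo, time_t hi, unsigned *seed) {
    char guess[TOKEN_LEN + 1];
    for (time_t t = lo; t <= hi; t++) {
        token_from_seed((unsigned)t, guess);
        if (strcmp(guess, token) == 0) { *seed = (unsigned)t; return 1; }
    }
    return 0;
}

/* Seed source advised in the reply: bytes from the kernel's entropy device. */
int seed_from_device(const char *path, unsigned *seed) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(seed, sizeof *seed, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void) {
    char token[TOKEN_LEN + 1];
    unsigned found, started = 1002200000u; /* constructed start time, early Oct 2001 */
    token_from_seed(started, token);
    if (find_seed(token, (time_t)started - 3600, (time_t)started + 3600, &found))
        printf("time seed:   %s reproduced from seed %u (at most 7201 guesses)\n", token, found);
    if (seed_from_device("/dev/random", &found) == 0) {
        token_from_seed(found, token);
        printf("device seed: %s (no start time to guess)\n", token);
    }
    return 0;
}
```

Seeding from the device removes the guessable start time, but rand() is still not a cryptographic generator; for keys, use the device bytes directly.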