On Tue, Apr 18, 2017 at 10:12 PM, <bytevolc...@safe-mail.net> wrote: ... > Yes, it may be "standards mandated" in some cases (r1.39, bin/ksh/var.c) or > used by 60 pieces of software, but why would software require a PRNG to be > deterministic? > > That is my question, not "what apps and standards need it?" but "what usage > cases require it, and can this be replaced with a deterministic PRNG?"
The classic case is code that wants to offer the ability to reproduce the sequence, so that the state *before* some interesting state can be examined. For example, fuzzers often report the seed that generated a crash, so you can reenter it and walk the target program into the crash step by step. If a program offers a "set the seed" option then that's a huge hint. If you think that option doesn't make sense for some program then that's a concern to take to the developer *of that program*... For a broader answer to the "why?", take a look at the patches under /usr/ports/ which add uses of the *_deterministic() calls. Some OpenBSD dev in the past judged that that port wanted it and may have recorded why they thought so in the patch or the commit message of the patch. Lacking that, go look at the ports' sources and see what might indicate that. Philip Guenther
