Re: Random not so random
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: hf0722x@protecting.net
Cc: pgsql-general@postgresql.org
Date: 2004-10-05T14:37:00Z
Lists: pgsql-general
Harald Fuchs <hf0722x@protecting.net> writes: >> Tom Lane <tgl@sss.pgh.pa.us> wrote: >>>> It might improve matters to make the code do something like >>>> srandom((unsigned int) (now.tv_sec ^ now.tv_usec)); > I think we don't need the randomness provided by /dev/[u]random. How > about XORing in getpid? That sounds like a fine compromise --- it'll ensure a reasonable-size set of possible seeds, it's at least marginally less predictable than now.tv_sec, and it's perfectly portable. No one in their right mind expects random(3) to be cryptographically secure anyway, so doing more doesn't seem warranted. The various proposals to create a more-secure, less-portable variant of random() don't seem appropriate to me for beta. But I'd not object to someone whipping up a contrib module for 8.1 or beyond. regards, tom lane