[10789] in cryptography@c2.net mail archive
Just how bad is the Microsoft Visual C++ 6 rand function, anyway?
daemon@ATHENA.MIT.EDU (Trei, Peter)
Tue May 21 23:20:18 2002
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A01E90E55@exna07.securitydynamics.com>
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: "'cryptography@wasabisystems.com'" <cryptography@wasabisystems.com>
Date: Tue, 21 May 2002 11:52:01 -0400
Now, I'm sure no one on this list would trust MSVC6 rand() for anything
important, but this post from sci.crypt (which I have not confirmed)
may be of interest:
Peter Trei
- start quote ---------------------
Newsgroups: sci.crypt, sci.crypt.random-numbers
Subject: Warning: MSVC6 rand function
Message-ID: <fu9G8.288206$tt4.19380223@e3500-atl2.usenetserver.com>
Organization: Bellsouth.Net
Date: Mon, 20 May 2002 12:31:09 -0400
In case anyone's interested, the rand() function that ships in the C runtime
library with Microsoft Visual Studio 6.0 is a *15-bit* LC-PRNG. Not only
that, but the most significant bit, which is also the most random bit in an
LC-PRNG, is discarded by masking.
Code snippet follows:
int __cdecl rand (void)
{
    return(((holdrand = holdrand * 214013L + 2531011L) >> 16) & 0x7fff);
}
- end quote ---------------------------
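
Added example (not part of the original post or of Microsoft's runtime source): a C check of the quoted claim that state bit 31 is masked off, extended to measure how quickly the low output bits repeat. It reimplements the quoted expression with holdrand passed in as an explicit 32-bit state; the function names and the starting state 1 are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* The generator from the quoted snippet, with holdrand as an explicit 32-bit
   state (unsigned, so the multiply wraps mod 2^32 without signed overflow). */
static int msvc6_rand(uint32_t *holdrand)
{
    *holdrand = *holdrand * 214013u + 2531011u;
    return (int)((*holdrand >> 16) & 0x7fff);
}

/* Returns 1 if two states that differ only in bit 31 give the same n outputs,
   i.e. the top state bit never reaches the caller. */
int top_bit_is_discarded(uint32_t state, int n)
{
    uint32_t a = state, b = state ^ 0x80000000u;
    for (int i = 0; i < n; i++)
        if (msvc6_rand(&a) != msvc6_rand(&b))
            return 0;
    return 1;
}

/* Smallest power-of-two period of one output bit, checked over 2^max_log2
   consecutive outputs; returns 0 if no period <= 2^max_log2 fits. */
uint32_t output_bit_period(int bit, uint32_t state, int max_log2)
{
    uint32_t window = 1u << max_log2;
    for (int j = 0; j <= max_log2; j++) {
        uint32_t p = 1u << j, a = state, b = state, i;
        for (i = 0; i < p; i++)
            msvc6_rand(&b);                 /* b runs p steps ahead of a */
        for (i = 0; i < window; i++)
            if (((msvc6_rand(&a) ^ msvc6_rand(&b)) >> bit) & 1)
                break;                      /* outputs p apart disagree */
        if (i == window)
            return p;
    }
    return 0;
}

int main(void)
{
    uint32_t seed = 1;   /* constructed starting state for the demonstration */
    printf("bit 31 discarded: %d\n", top_bit_is_discarded(seed, 100000));
    for (int bit = 0; bit < 3; bit++)
        printf("output bit %d repeats every %u calls\n",
               bit, (unsigned)output_bit_period(bit, seed, 20));
    return 0;
}
```

Output bit 0 is state bit 16, so it repeats every 2^17 calls whatever the starting state, and each higher output bit doubles that.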