Talk:Random Numbers

From OpenSSLWiki
Revision as of 18:52, 4 June 2015 by Jwalton (talk | contribs) (Is RAND_poll part of the public API?)


void * casting hack?

The thing about casting to void* and using "%p" just to print an unsigned long in hex seemed a little odd to me. Am I missing something as to why "0x%lx" isn't a viable option?

--Ppelleti 03:00, 8 March 2013 (UTC)

Feel free Jwalton 18:34, 30 March 2013 (UTC)

Is RAND_poll part of the public API?

I have removed the question about whether RAND_poll is considered part of the public API. The "rand" module contains two header files: rand.h and rand_locl.h. The first becomes part of the deployment when you install OpenSSL, whilst the latter does not. This is a common theme throughout the library. Basically anything in the *_locl.h header files should be considered private to the library, whilst anything that gets deployed should be considered part of the public API. Since RAND_poll is in rand.h (which gets deployed during installation) it should be considered part of the public API.

--Matt 12:26, 9 March 2013 (UTC)

I think it would be good to get a clear statement of what constitutes the public API, because I'm getting conflicting messages. You state that anything in an installed header file is part of the public API. However, Contributions#Code_Maturity implies that functions are not part of the API until they are documented. Since RAND_poll is not documented, that interpretation would suggest that RAND_poll is not yet "cast in stone" and is subject to change.
--Ppelleti 00:03, 19 March 2013 (UTC)
I don't think there is a conflict between what I said above, and what it says on Contributions#Code_Maturity. That page merely says that the API might not have completely settled down which might be the reason why there isn't any documentation. It doesn't say that the API is not "public" until it's been documented.
--Matt 21:05, 19 March 2013 (UTC)
Sidestepping the semantics of what it means to be "public", the real question I'm getting at is whether we should be encouraging people to use RAND_poll? Or did the OpenSSL developers leave RAND_poll undocumented on purpose?
--Ppelleti 20:33, 20 March 2013 (UTC)
Well in my personal opinion, we should not avoid undocumented functions merely because they are undocumented. If you're going to do that you might as well forget anything that involves elliptic curve keys! :-)
--Matt 20:41, 20 March 2013 (UTC)
Matt, Ppelleti - I *thought* another indicator was capital versus lowercase. RAND_poll is public, rand_poll is private and should not be used.
I also think presence/lack of documentation is a poor indicator. There's lots of stuff that's public that does not really have a man page.
Jwalton (talk) 18:52, 4 June 2015 (UTC)

Should we be promoting a commercial company?

I am a little concerned about the link to entropykey. Should we be promoting a commercial company? Whilst the text reads fine at the moment it could be the "thin end of the wedge". This is a wiki after all. What's to stop other companies coming along and adding links to their products? How will we then decide which edits are ok, and which not? We don't want the page degenerating into a long list of products. Should we not have a policy of "no commercial endorsements"?

--Matt 12:33, 9 March 2013 (UTC)

The intent was to provide a link to an inexpensive, high quality random source. Do you want to start a table *with* prices at the bottom of the page? Prices are important because some of this gear is expensive. $40 UK is dirt cheap for a FIPS approved generator. Jwalton 18:33, 30 March 2013 (UTC)
No, I think a table would be worse. Leave it for now, we can review if it turns into a problem --Matt 08:28, 31 March 2013 (UTC)