From: Manuel Giraud <manuel@ledu-giraud.fr>
Subject: Re: ksh(1), use arc4random_uniform(3) to calculate $RANDOM
To: Biarder <mss091204.1@gmail.com>
Cc: tech@openbsd.org
Date: Fri, 22 May 2026 13:14:46 +0200

Biarder <mss091204.1@gmail.com> writes:

> Currently, ksh(1) uses rand(3) and modular arithmetic to calculate
> $RANDOM.  However, OpenBSD recommend using arc4random_uniform(3)
> to calculate a uniform random integer because rand function is
> predictable and also has modular bias when modulo operation is
> performed.

Are you sure?  The rand(3) manpage states this:

     Standards insist that this interface return deterministic results.
     Unsafe usage is very common, so OpenBSD changed the subsystem to return
     non-deterministic results by default.

and this:

     The rand() function returns a result in the range of 0 to RAND_MAX.  By
     default, this result comes from arc4random(3).  If srand_deterministic()
     was called, the result will be computed using the deterministic
     algorithm.
-- 
Manuel Giraud