[plt-scheme] How Hacker News was hacked

From: YC (yinso.chen at gmail.com)
Date: Wed Jun 3 15:34:49 EDT 2009

On Wed, Jun 3, 2009 at 11:05 AM, Robby Findler
<robby at eecs.northwestern.edu>wrote:

> Does this mean that mzscheme should not be using the current seconds
> to initialize the random seed?
>

Other languages I have used (Perl, C#, Java, etc) also default to using
current seconds, but allow you to change the seed manually.

They also advised not to use PRNG for cryptographic purposes in the docs,
and provide other means of obtaining cryptographic random number.

If PLT has all of the above, IMHO it would be a developer's responsibility
to ensure their app is secure.

Cheers,
yc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.racket-lang.org/users/archive/attachments/20090603/d5516eda/attachment.html>

Posted on the users mailing list.