Red Hat Bugzilla – Bug 1262846
CVE-2015-5276 gcc: Predictable randomness from std::random_device
Last modified: 2016-06-10 05:04:09 EDT
It was discovered that the std::random_device class in libstdc++ would
not properly detect short reads and could return return predictable
values if applications used it to obtain randomness from a blocking
source such as /dev/random.
Created gcc tracking bugs for this issue:
Affects: fedora-all [bug 1262852]
std::random_device is not guaranteed to be cryptographically secure and should not be used for secure cryptographic code. Thus having a low impact.
I was intending to fix this.
std::random_device can use /dev/random in GCC's implementation (and the intent of the C++ standard is to allow, even encourage that), isn't that suitable for secure crypto?