Subject: Re: replace kernel random number function
To: None <tech-security@netbsd.org>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-kern
Date: 10/22/2000 11:56:44
In message <20001020230203.097CB7E46@starfruit.itojun.org>, Jun-ichiro itojun Hagino writes:
> I plan to replace kernel random(9) with libc random(3) code,
> or arc4random. Any comments?
>
> The current random(9) is too weak, and allows security threats like the one we saw
> with TCP ISS guessing. libc random(3) code looks strong enough for a
> polynomial random number generator.
>
>itojun
>
Where will you get the seeds? That's the really hard part.
arc4 (as a cipher) is not (quite) as random as one would like, in a
cryptographic sense, though it's probably adequate for your purposes.
The right thing to do would be to port yarrow (see www.counterpane.com,
though I don't have the link available just now and I'm offline when
writing this). Unfortunately, it's filled with lots of DLL-ish things.
--Steve Bellovin
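Added example, not code from the thread or from NetBSD: a C model of the degree-31, separation-3 additive feedback generator that the BSD random(3) family uses (s[n] = s[n-31] + s[n-3] mod 2^32, output s[n] >> 1), together with the passive attack that predicts each output from the previous 31 outputs to within one of two values. The seeding routine below is a simplified LCG fill and is an assumption; it does not affect the result, because the attack never looks at the seed. The names afgen_t, afgen_next, afgen_seed, predict_next and attack_rounds are mine. It shows concretely why a polynomial generator's outputs expose its state, which is the property behind the TCP ISS guessing the thread mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define DEG 31   /* degree of the feedback polynomial (BSD TYPE_3) */
#define SEP 3    /* separation between the two taps */

/* Model of the additive feedback generator in the BSD random(3) family:
 * s[n] = s[n-31] + s[n-3] (mod 2^32), output o[n] = s[n] >> 1.
 * The state is a ring of DEG words walked by a front and a rear pointer,
 * the way the classic implementation does it. */
typedef struct {
    uint32_t r[DEG];
    int f, b;
} afgen_t;

static uint32_t afgen_next(afgen_t *g)
{
    g->r[g->f] += g->r[g->b];
    uint32_t out = (g->r[g->f] >> 1) & 0x7fffffffu;
    g->f = (g->f + 1) % DEG;
    g->b = (g->b + 1) % DEG;
    return out;
}

/* Seeding: fill the ring from a simple LCG and discard 10*DEG outputs.
 * Simplified stand-in for the real seeding routine (assumption); it is
 * irrelevant to the attack, which only ever sees outputs. */
static void afgen_seed(afgen_t *g, uint32_t seed)
{
    g->r[0] = seed;
    for (int i = 1; i < DEG; i++)
        g->r[i] = 1103515245u * g->r[i - 1] + 12345u;
    g->f = SEP;
    g->b = 0;
    for (int i = 0; i < 10 * DEG; i++)
        (void)afgen_next(g);
}

/* Attacker side. Given n >= DEG observed outputs obs[0..n-1], the next
 * output is (obs[n-31] + obs[n-3]) mod 2^31, plus 1 if the two discarded
 * low state bits carried into bit 1. So it is one of two candidates.
 * Returns 0 on success, -1 if the window is too short. */
static int predict_next(const uint32_t *obs, size_t n, uint32_t cand[2])
{
    if (n < DEG)
        return -1;
    uint32_t base = (obs[n - DEG] + obs[n - SEP]) & 0x7fffffffu;
    cand[0] = base;
    cand[1] = (base + 1) & 0x7fffffffu;
    return 0;
}

/* Observe DEG outputs passively, then predict each of the next `rounds`
 * outputs before it is produced. Returns how many landed in the
 * two-candidate set, or -1 on bad input / allocation failure. */
static int attack_rounds(uint32_t seed, int rounds)
{
    afgen_t g;
    if (rounds < 0)
        return -1;
    size_t total = (size_t)DEG + (size_t)rounds;
    uint32_t *obs = malloc(total * sizeof *obs);
    if (obs == NULL)
        return -1;
    afgen_seed(&g, seed);
    for (size_t i = 0; i < DEG; i++)
        obs[i] = afgen_next(&g);           /* what the attacker can see */
    int hits = 0;
    for (size_t n = DEG; n < total; n++) {
        uint32_t cand[2];
        predict_next(obs, n, cand);        /* guess first ...             */
        obs[n] = afgen_next(&g);           /* ... then the generator runs */
        if (obs[n] == cand[0] || obs[n] == cand[1])
            hits++;
    }
    free(obs);
    return hits;
}

int main(void)
{
    int rounds = 1000;
    int hits = attack_rounds(0xdeadbeefu, rounds);
    printf("predicted %d of %d outputs from the previous 31 alone\n",
           hits, rounds);
    return hits == rounds ? 0 : 1;
}
```

If a kernel hands these outputs out as initial sequence numbers, this is the whole attack: watch 31 connections, add two earlier values, and the next ISS is one of two numbers; the quality of the seed never enters into it. A generator whose output is a keyed function of hidden state (the arc4 or Yarrow designs the reply points to) does not leak state this way, but its security then rests entirely on the unpredictability of what it was seeded with, which is what the reply's first question is about.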