Subject: Re: arc4random(9)
To: Jason R Thorpe <thorpej@wasabisystems.com>
From: Perry E. Metzger <perry@wasabisystems.com>
List: tech-security
Date: 05/28/2002 20:23:31
Jason R Thorpe <thorpej@wasabisystems.com> writes:
> It is certainly not fine for e.g. a CBC IV.
Actually, IVs are an ideal use for such a thing. What you want is a
sequence which will not repeat easily and where the Hamming distance
between the successive values is usually high -- there is no need for
something secret (because it isn't!). Something like this works great
for IVs. It just works horribly for producing KEYS!
> You want to have multiple interfaces:
>
> - traditional random(), which can be used for reproducing results.
>
> - fast-and-pretty-good generator for things which don't need
> cryptographically strong random numbers, just "pretty good"
> ones.
>
> - cryptographically strong generator for cases where you need it.
I agree modulo one thing: RC4 is actually more or less as fast as
random() once initialized, so there is no real point in using random()
-- an RC4-based generator would actually work better and produce much
nicer data for things like Monte Carlo generators.
--
Perry E. Metzger perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/