Subject: Re: arc4random(9)
To: Perry E. Metzger <perry@wasabisystems.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 05/28/2002 23:13:23
On Tue, May 28, 2002 at 08:23:31PM -0400, Perry E. Metzger wrote:
>
> I agree modulo one thing: RC4 is actually more or less as fast as
> random() once initialized, so there is no real point in using random()
> -- an RC4 based generator would actually work better and produce much
> nicer data for things like Monte Carlo generators.

Well, then, let's just call it "random()". For debugging purposes, we
can add a kernel compile option to disable reseeding and stuff the seed
in a global so you can get it with debugging tools.

One nice thing about the random() interface, of course, is that with no
(buf, len) you should touch only the stack, which should be at least a
little bit more efficient.

We should still rip out the current /dev/urandom interface and replace
it with one of the two generators specified by the relevant standards;
even the standard's SHA1-based generator really is no _worse_, and the
block-cipher generator is in many ways better.

Yarrow would be a nice idea, but unfortunately the standards in question
are quite strict, many people building products with NetBSD are _forced_
to strictly conform to them, and neither one permits Yarrow. The X9.31
generator, perhaps hooked to an API that lets you choose the block cipher
used, is probably the best bet.
--
Thor Lancelot Simon tls@rek.tjls.com
But as he knew no bad language, he had called him all the names of common
objects that he could think of, and had screamed: "You lamp! You towel! You
plate!" and so on. --Sigmund Freud
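The X9.31 block-cipher generator that Thor proposes, with the cipher chosen by the caller, as an added example in Go (this is not code from the thread or from NetBSD). The caller passes any `cipher.Block`, so AES here could be swapped for 3DES from `crypto/des`, which is the "API that lets you choose the block cipher" idea. The names `X931`, `NewX931` and `Generate` are my own, and the constructed test inputs are not from the page. Entropy gathering, reseeding and kernel integration, which the thread also discusses, are out of scope. One status note: NIST has since withdrawn the X9.31 generator (SP 800-131A) in favour of the SP 800-90A DRBGs, so the block shows the construction being compared, not a current recommendation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// X931 is an ANSI X9.31 style generator over an arbitrary block cipher.
// One step:  I = E_K(DT);  R = E_K(I xor V);  V = E_K(R xor I);  DT++.
// R is the output block and V is the chaining value carried forward.
type X931 struct {
	blk cipher.Block
	v   []byte // seed / chaining value V, one block long
	dt  []byte // date-time vector DT, treated here as a big-endian counter
}

// NewX931 builds a generator over blk from a seed V and an initial DT,
// each exactly one cipher block long. The key lives inside blk.
func NewX931(blk cipher.Block, seed, dt []byte) (*X931, error) {
	n := blk.BlockSize()
	if len(seed) != n || len(dt) != n {
		return nil, errors.New("x931: seed and DT must each be one block long")
	}
	return &X931{
		blk: blk,
		v:   append([]byte(nil), seed...), // copy so the caller's buffers stay untouched
		dt:  append([]byte(nil), dt...),
	}, nil
}

func xorBlocks(dst, a, b []byte) {
	for i := range dst {
		dst[i] = a[i] ^ b[i]
	}
}

// nextBlock runs one X9.31 step and returns the output block R.
func (g *X931) nextBlock() []byte {
	n := g.blk.BlockSize()
	i := make([]byte, n)
	r := make([]byte, n)
	tmp := make([]byte, n)
	g.blk.Encrypt(i, g.dt) // I = E_K(DT)
	xorBlocks(tmp, i, g.v)
	g.blk.Encrypt(r, tmp) // R = E_K(I xor V)
	xorBlocks(tmp, r, i)
	g.blk.Encrypt(g.v, tmp) // V = E_K(R xor I): new chaining value
	// Advance DT as a big-endian counter so every step sees a fresh I.
	for k := n - 1; k >= 0; k-- {
		g.dt[k]++
		if g.dt[k] != 0 {
			break
		}
	}
	return r
}

// Read fills out with generator output, one block at a time.
func (g *X931) Read(out []byte) (int, error) {
	for off := 0; off < len(out); {
		off += copy(out[off:], g.nextBlock())
	}
	return len(out), nil
}

// Generate keys AES with key, seeds the generator with seed and dt, and
// returns n bytes of output. Same inputs always give the same output.
func Generate(key, seed, dt []byte, n int) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := NewX931(blk, seed, dt)
	if err != nil {
		return nil, err
	}
	out := make([]byte, n)
	g.Read(out)
	return out, nil
}

func main() {
	// In real use the key, seed and DT all come from an entropy source;
	// here crypto/rand stands in for the kernel pool.
	key, seed, dt := make([]byte, 16), make([]byte, 16), make([]byte, 16)
	for _, b := range [][]byte{key, seed, dt} {
		if _, err := rand.Read(b); err != nil {
			panic(err)
		}
	}
	out, err := Generate(key, seed, dt, 32)
	if err != nil {
		panic(err)
	}
	fmt.Println(hex.EncodeToString(out))
}
```

The determinism of `Generate` for fixed inputs is exactly what makes the kernel compile option Thor mentions (disable reseeding, expose the seed) useful for debugging: with the seed and DT in hand, a debugger can replay the stream.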