Subject: Re: arc4random(9)
To: None <tech-kern@netbsd.org, tech-security@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 05/29/2002 02:53:45
On Wed, May 29, 2002 at 03:11:47PM +0900, itojun@iijlab.net wrote:
> >Well, then, let's just call it "random()". For debugging purposes, we
> >can add a kernel compile option to disable reseeding and stuff the seed
> >in a global so you can get it with debugging tools.
>
> to say honestly, this "not invented here" attitude is killing me.
The attitude isn't "not invented here"; it's "not invented here and not
a good idea". You will find plenty of code in NetBSD that was "not invented
here"; that does not, however, mean that any code that was "not invented
here" must necessarily be suitable for inclusion in NetBSD. At least that's
my point of view.
> with every micro difference you make to the tree, we need to add
> #ifdef at KAME. if there's no special reason, let's go with name
> arc4random(). if you want it, i'm happy to provide an alias called
> "random()" to it.
It seems to me that the proper place to try to resolve this kind of issue
is on the BSD-API list. However, I think there are some particular reasons
why the current situation with arc4random() is bad enough that avoiding an
ifdef in the KAME code is not really sufficient reason to leave the code in
NetBSD:
1) The name is highly bogus.
A) It is highly likely to mislead naive authors of new code into using
the arc4random() function as a cryptographically secure PRNG, for
which purpose it is not generally suitable.
B) As Perry pointed out, the fact that another BSD variant was silly
enough to encode the name of a particular stream cipher in the name
of one of their random number generators is not a particularly good
reason to perpetuate the name lossage.
2) It's silly to have two different RC4-based generators in the tree. If
RC4 is really as fast as the current random() implementation, it would
be preferable to just use the new function as random() -- but this will
require the ability to turn off key changes, and to initialize the key
from a global, so that predictable output can be obtained for testing.
It seems to me that the *right* thing to do would be to persuade the other
BSD camps to replace arc4random() with an RC4-based random() implementation.
It is not *always* wrong to do things better and try to persuade the other
guys to see the light, after all.
--
Thor Lancelot Simon tls@rek.tjls.com
But as he knew no bad language, he had called him all the names of common
objects that he could think of, and had screamed: "You lamp! You towel! You
plate!" and so on. --Sigmund Freud
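The debugging hooks the message sketches (a switch that turns off reseeding, and the seed kept in a global so a debugger can read or patch it) are easy to misdesign, so here is an added example of the interface in C. This is not NetBSD code and not the arc4random() implementation under discussion; the names prng_init, prng_u32, random_debug_seed, entropy_fn, REKEY_INTERVAL and demo_entropy are assumptions made for the example, and demo_entropy is a counter, not an entropy source. RC4 is used only because it is the cipher the thread is about; its early keystream bytes are biased, which is part of why such a generator is not a CSPRNG.

```c
/* Added example, not NetBSD code: a toy RC4-keystream PRNG with the two
 * debug hooks the message asks for, a "no reseed" option and a global that
 * holds the seed, so output can be reproduced for testing. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SEED_LEN 16
#define REKEY_INTERVAL 1024 /* output bytes between rekeys; constructed value */

/* Seed visible to debugging tools. With reseeding off, the generator is
 * keyed from this global exactly once, so its output is fully predictable. */
uint8_t random_debug_seed[SEED_LEN] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };

/* Caller-supplied entropy source (stand-in for a kernel entropy pool). */
typedef void (*entropy_fn)(uint8_t *buf, size_t n);

struct rc4_state { uint8_t s[256]; uint8_t i, j; };

struct prng {
    struct rc4_state rc4;
    entropy_fn entropy;
    int no_reseed;  /* the "disable reseeding" debug option */
    size_t emitted; /* bytes produced since the last rekey */
};

/* RC4 key-scheduling algorithm. */
static void rc4_key(struct rc4_state *st, const uint8_t *key, size_t klen)
{
    uint8_t j = 0, t;
    for (int k = 0; k < 256; k++) st->s[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + st->s[k] + key[k % klen]);
        t = st->s[k]; st->s[k] = st->s[j]; st->s[j] = t;
    }
    st->i = st->j = 0;
}

/* One byte of RC4 keystream (PRGA step). */
static uint8_t rc4_byte(struct rc4_state *st)
{
    uint8_t t;
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->s[st->i]);
    t = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = t;
    return st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
}

/* Key from the seed global and drop the first 256 bytes, the most biased. */
static void prng_key_from_global(struct prng *p)
{
    rc4_key(&p->rc4, random_debug_seed, SEED_LEN);
    for (int k = 0; k < 256; k++) (void)rc4_byte(&p->rc4);
    p->emitted = 0;
}

/* Normal path: fresh seed from the entropy source, recorded in the global
 * so it stays visible to a debugger, then rekey. */
static void prng_rekey(struct prng *p)
{
    p->entropy(random_debug_seed, SEED_LEN);
    prng_key_from_global(p);
}

void prng_init(struct prng *p, entropy_fn e, int no_reseed)
{
    memset(p, 0, sizeof *p);
    p->entropy = e;
    p->no_reseed = no_reseed;
    if (no_reseed) prng_key_from_global(p); /* debug: use the global as-is */
    else prng_rekey(p);
}

uint32_t prng_u32(struct prng *p)
{
    uint32_t v = 0;
    if (!p->no_reseed && p->emitted >= REKEY_INTERVAL) prng_rekey(p);
    for (int k = 0; k < 4; k++) v = (v << 8) | rc4_byte(&p->rc4);
    p->emitted += 4;
    return v;
}

/* Stand-in "entropy" for the demo: a counter, deliberately not random. */
static void demo_entropy(uint8_t *buf, size_t n)
{
    static uint32_t ctr;
    uint32_t x = ++ctr * 0x9e3779b1u;
    for (size_t k = 0; k < n; k++) buf[k] = (uint8_t)(x >> (8 * (k % 4)));
}

/* 1 if two generators agree on their next n words (crosses a rekey at 256). */
int prng_same_sequence(struct prng *a, struct prng *b, size_t n)
{
    for (size_t k = 0; k < n; k++)
        if (prng_u32(a) != prng_u32(b)) return 0;
    return 1;
}

/* Two fresh generators in the given mode: identical only when reseeding is off. */
int demo_streams_match(int no_reseed)
{
    struct prng a, b;
    prng_init(&a, demo_entropy, no_reseed);
    prng_init(&b, demo_entropy, no_reseed);
    return prng_same_sequence(&a, &b, 600);
}

/* Published RC4 test vector: key "Key" gives keystream EB 9F 77 ... */
int rc4_test_vector_ok(void)
{
    struct rc4_state st;
    rc4_key(&st, (const uint8_t *)"Key", 3);
    return rc4_byte(&st) == 0xEB && rc4_byte(&st) == 0x9F && rc4_byte(&st) == 0x77;
}

int main(void)
{
    printf("rc4 test vector ok: %d\n", rc4_test_vector_ok());
    printf("no-reseed streams identical over 600 words: %d\n", demo_streams_match(1));
    printf("reseeded streams identical over 600 words: %d\n", demo_streams_match(0));
    return 0;
}
```

The point of keeping the seed in a global rather than a debugger-invisible local is that a test can set it before calling prng_init and then compare output against a recorded sequence; the point of making "no reseed" a build-time or init-time choice rather than a runtime sysctl is that a production build cannot be flipped into the predictable mode at all.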