Subject: Re: add rnd(4) to install floppy
To: None <david@l8s.co.uk>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-security
Date: 09/06/2003 05:28:40
> On Fri, Sep 05, 2003 at 10:29:56PM +0900, itojun@iijlab.net wrote:
> > >Or just install a small cheap cryptographically secure random number
> > >generator into the kernel, and access it through a cheap interface.
> >
> > do you have such code/algorithm? any references? if so, we can just
> > put that into the kernel and let arc4random() pick randomness out of it
> > via sysctl (it already does it now when /dev/urandom is not available).
> > no change in userland required.
>
> Throw out the bathwater and keep the baby?
>
> Just put arc4random in the kernel, make the C library code grab
> the data from the kernel with a sysctl.
>
> In the kernel every time you have an event that might, even plausibly, be
> random, take the data byte XOR the low bits of the fastest counter you
> have and stir the generator once.
> Run the same code during the boot process (to get randomness from the
> disk reads) and shrink to 64 bits (to avoid passing too much junk into the
> kernel) to get some boot time noise [1].
that is exactly what rnd(4) is doing!
itojun
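
The scheme in the quoted text (XOR each event's data byte with the low bits of a fast counter, stir an RC4-style generator once, then shrink boot-time noise to 64 bits), as an added example. It is not code from this thread or from NetBSD's rnd(4) or arc4random; the `arc4_pool` type, the `pool_*` functions and the sample events are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sketch; not NetBSD's rnd(4) or arc4random code. */
struct arc4_pool {
    uint8_t s[256];   /* RC4 permutation */
    uint8_t i, j, k;  /* i, j: RC4 indices; k: next stir position */
};

static void swap8(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

void pool_init(struct arc4_pool *p) {
    for (int n = 0; n < 256; n++) p->s[n] = (uint8_t)n;
    p->i = p->j = p->k = 0;
}

/* Stir once per event: data byte XOR low 8 bits of the fastest counter. */
void pool_stir(struct arc4_pool *p, uint8_t event, uint64_t counter) {
    uint8_t mixed = event ^ (uint8_t)counter;
    p->j = (uint8_t)(p->j + p->s[p->k] + mixed);  /* one RC4 key-schedule step */
    swap8(&p->s[p->k], &p->s[p->j]);
    p->k++;
}

/* Standard RC4 output step. */
uint8_t pool_getbyte(struct arc4_pool *p) {
    p->i++;
    p->j = (uint8_t)(p->j + p->s[p->i]);
    swap8(&p->s[p->i], &p->s[p->j]);
    return p->s[(uint8_t)(p->s[p->i] + p->s[p->j])];
}

/* "Shrink to 64 bits": draw 8 output bytes as the boot-time seed. */
uint64_t pool_shrink64(struct arc4_pool *p) {
    uint64_t v = 0;
    for (int n = 0; n < 8; n++) v = (v << 8) | pool_getbyte(p);
    return v;
}

int main(void) {
    /* Constructed sample: {data byte, counter} per boot-time disk read. */
    static const uint64_t ev[][2] = { {0x41, 0x1000}, {0x41, 0x1003}, {0x7f, 0x2a51} };
    struct arc4_pool p;
    pool_init(&p);
    for (int n = 0; n < 3; n++)
        pool_stir(&p, (uint8_t)ev[n][0], ev[n][1]);
    printf("boot seed: %016llx\n", (unsigned long long)pool_shrink64(&p));
    return 0;
}
```

Two events with the same data byte but different counter values leave the pool in different states, so the counter jitter alone changes the output.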