From owner-freebsd-hackers Sat Sep 30 00:08:19 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id AAA19524 for hackers-outgoing; Sat, 30 Sep 1995 00:08:19 -0700
Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id AAA19519 for ; Sat, 30 Sep 1995 00:08:12 -0700
Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.12/8.6.9) with ESMTP id JAA17203 for ; Sat, 30 Sep 1995 09:07:57 +0200
Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.12/8.6.9) with SMTP id JAA21165 for ; Sat, 30 Sep 1995 09:07:55 +0200
Message-Id: <199509300707.JAA21165@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol
To: hackers@freebsd.org
Subject: Netscape security problem - /dev/random?
Date: Sat, 30 Sep 1995 09:07:54 +0200
From: Mark Murray
Sender: owner-hackers@freebsd.org
Precedence: bulk

Hi

With the well-publicised crack of Netscape's security, I am of the opinion that the system (in fact the kernel) should cooperate in providing decent random numbers. In this particular case, "decent" could mean a couple of things -

- Unguessable. In the past folks used to seed their random number generators with the time-of-day to get a different start to the otherwise predictable sequence. For security purposes this is no good, as an attacker who knows approximately when you started has a small set of numbers to play with to crack you. If the kernel could provide a totally unpredictable value, this would protect the random generator seed.

- Uniform. The above is assuming that each caller is only looking for a very small number of values. Such values may be useless if the caller actually needs a large number of uniformly distributed, totally random numbers.

These two scenarios are addressed in a piece of code that I have that was written for Linux by Theodore Ts'o, and it provides 2 new devices, /dev/random and /dev/urandom, which address these concerns. Those folks interested in exponential key exchange (Diffie-Hellman) and other crypto concerns will be interested. I would like to get this code into the kernel (in a few days). Is anyone else interested?

M
-- 
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grumble.grondar.za for PGP key
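The "unguessable" point in the message above, shown as an added example that is not part of Mark Murray's post, Ted Ts'o's driver, or any FreeBSD code: a generator seeded with the time of day is reproduced by an attacker who knows the time to within a couple of minutes, because the search space is the width of that window rather than the size of the seed. The PRNG is a toy 32-bit LCG standing in for whatever generator an application might use, the 1995 timestamp is constructed for the scenario, and the contrast reads key material from /dev/urandom, which the example assumes exists on the host (as it does on Linux and the BSDs today).

```c
/* Added example (not from the original message or from FreeBSD): why a
 * time-of-day seed is guessable, and what pulling the seed from the
 * kernel's /dev/urandom looks like instead. */
#include <stdint.h>
#include <stdio.h>

/* Toy deterministic PRNG step (Numerical Recipes LCG constants).
 * It is a bijection on 32-bit state, so every seed yields a distinct key. */
static uint32_t lcg_step(uint32_t x)
{
    return x * 1664525u + 1013904223u;
}

/* Victim: derive a 32-bit "session key" from a generator seeded with the
 * time of day in seconds since the epoch, the practice the message warns
 * against.  Four steps are run so the key is not literally the seed. */
uint32_t weak_session_key(uint32_t time_seed)
{
    uint32_t x = time_seed;
    for (int i = 0; i < 4; i++)
        x = lcg_step(x);
    return x;
}

/* Attacker: knows roughly when the key was made (approx_time) and tries
 * every seed within +/- window seconds, i.e. 2*window+1 trials rather
 * than 2^32.  Returns the recovered seed, or -1 if none in the window
 * reproduces the observed key. */
int64_t recover_time_seed(uint32_t key, uint32_t approx_time, uint32_t window)
{
    uint32_t lo = approx_time - window;
    for (uint32_t i = 0; i <= 2 * window; i++) {
        uint32_t s = lo + i;
        if (weak_session_key(s) == key)
            return (int64_t)s;
    }
    return -1;
}

/* Fix: take the seed/key material from the kernel's /dev/urandom, the
 * device the message proposes adding.  Returns 0 on success, -1 if the
 * device is missing or short. */
int urandom_key(uint8_t *out, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Sanity check a practitioner would run once: two 16-byte draws from the
 * device must differ.  Returns 1 if they do, 0 if they collide (which
 * would indicate a broken device), -1 if the device is unavailable. */
int urandom_self_check(void)
{
    uint8_t a[16], b[16];
    if (urandom_key(a, sizeof a) != 0 || urandom_key(b, sizeof b) != 0)
        return -1;
    for (size_t i = 0; i < sizeof a; i++)
        if (a[i] != b[i])
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed scenario: a key generated at a 1995 timestamp that the
     * attacker knows to within about two minutes. */
    uint32_t true_time = 812444874u;
    uint32_t key = weak_session_key(true_time);
    int64_t found = recover_time_seed(key, true_time + 37, 120);
    if (found >= 0)
        printf("time-seeded key %08x recovered from seed %lu after <= 241 trials\n",
               key, (unsigned long)found);

    uint8_t k[16];
    if (urandom_key(k, sizeof k) == 0) {
        printf("/dev/urandom key: ");
        for (size_t i = 0; i < sizeof k; i++)
            printf("%02x", k[i]);
        printf("\n");
    }
    return 0;
}
```

The brute-force loop does not care which generator sits behind `weak_session_key`; any deterministic PRNG is fully determined by its seed, so the attacker's cost is set by the seed's entropy, which for a time-of-day seed is the width of the window in which the attacker can place the start time. /dev/urandom moves the seed's entropy from "when did this process start" to the kernel's entropy pool.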