Date: Sun, 28 Nov 1999 14:24:07 -0500 From: Dan Moschuk <dan@FreeBSD.ORG> To: Warner Losh <imp@village.org> Cc: Dan Moschuk <dan@FreeBSD.ORG>, Kris Kennaway <kris@hub.freebsd.org>, freebsd-audit@FreeBSD.ORG Subject: Re: Last random PID patch before commit Message-ID: <19991128142407.B33514@november.jaded.net> In-Reply-To: <199911281911.MAA85867@harmony.village.org>; from Warner Losh on Sun, Nov 28, 1999 at 12:11:52PM -0700 References: <19991128130432.C33028@november.jaded.net> <19991128012420.A48334@spirit.jaded.net> <Pine.BSF.4.21.9911280042420.89688-100000@hub.freebsd.org> <19991128130432.C33028@november.jaded.net> <199911281911.MAA85867@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
| Hmmm. I think this is a bad idea. The key won't be sufficently
| random since you can count on a number of bits in the stack garbage
| being set due to kernel addresses. This weakens the resulting
| randomness from 2048 bits down to 1500ish bits (assumnig that my read
| of the code gives key a 8 bit size). What's wrong with the
| /dev/random random number stream? This is exactly the sort of thing
| that it is designed for....
|
| Warner
The only problem with the /dev/random stream is that it will not have
sufficient entropy built up by the time the arc4_init() is likely to be called,
at bootup.
Not to say that the way I initialize it is any better, but it will work until
"The best" solution can be found.
I like the idea of replacing our random devices with sys/dev/rnd.c from
OpenBSD.
--
Dan Moschuk (TFreak!dan@freebsd.org)
"Try not. Do, or do not. There is no try."
-- Yoda
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991128142407.B33514>