From owner-freebsd-audit  Sun Nov 28 11:24:27 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from november.jaded.net (november.jaded.net [216.94.113.4])
	by hub.freebsd.org (Postfix) with ESMTP
	id 77BFC1566D; Sun, 28 Nov 1999 11:24:11 -0800 (PST)
	(envelope-from dan@november.jaded.net)
Received: (from dan@localhost)
	by november.jaded.net (8.9.3/8.9.3+trinsec_nospam) id OAA33619;
	Sun, 28 Nov 1999 14:24:08 -0500 (EST)
Date: Sun, 28 Nov 1999 14:24:07 -0500
From: Dan Moschuk <dan@FreeBSD.ORG>
To: Warner Losh <imp@village.org>
Cc: Dan Moschuk <dan@FreeBSD.ORG>,
	Kris Kennaway <kris@hub.freebsd.org>, freebsd-audit@FreeBSD.ORG
Subject: Re: Last random PID patch before commit
Message-ID: <19991128142407.B33514@november.jaded.net>
References: <19991128130432.C33028@november.jaded.net> <19991128012420.A48334@spirit.jaded.net> <Pine.BSF.4.21.9911280042420.89688-100000@hub.freebsd.org> <19991128130432.C33028@november.jaded.net> <199911281911.MAA85867@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <199911281911.MAA85867@harmony.village.org>; from Warner Losh on Sun, Nov 28, 1999 at 12:11:52PM -0700
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


| Hmmm.  I think this is a bad idea.  The key won't be sufficently
| random since you can count on a number of bits in the stack garbage
| being set due to kernel addresses.  This weakens the resulting
| randomness from 2048 bits down to 1500ish bits (assumnig that my read
| of the code gives key a 8 bit size).  What's wrong with the
| /dev/random random number stream?  This is exactly the sort of thing
| that it is designed for....
| 
| Warner

The only problem with the /dev/random stream is that it will not have 
sufficient entropy built up by the time the arc4_init() is likely to be called,
at bootup.

Not to say that the way I initialize it is any better, but it will work until
"The best" solution can be found.

I like the idea of replacing our random devices with sys/dev/rnd.c from
OpenBSD.

-- 
Dan Moschuk (TFreak!dan@freebsd.org)
"Try not.  Do, or do not.  There is no try."
                        -- Yoda


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message