Date: Thu, 13 Sep 2007 23:11:48 +0200 From: Roland Smith <rsmith@xs4all.nl> To: Per olof Ljungmark <peo@intersonic.se> Cc: freebsd-questions@freebsd.org Subject: Re: /dev/random question Message-ID: <20070913211148.GA18194@slackbox.xs4all.nl> In-Reply-To: <46E9A455.4090703@intersonic.se> References: <46E94F9A.6050707@intersonic.se> <20070913153630.GA9448@slackbox.xs4all.nl> <20070913173155.0bad12b2@gumby.homeunix.com.> <20070913174537.GA11683@slackbox.xs4all.nl> <46E9A455.4090703@intersonic.se>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Thu, Sep 13, 2007 at 10:57:57PM +0200, Per olof Ljungmark wrote: > Roland Smith wrote: >> On Thu, Sep 13, 2007 at 05:31:55PM +0100, RW wrote: >>> On Thu, 13 Sep 2007 17:36:30 +0200 >>> Roland Smith <rsmith@xs4all.nl> wrote: >>> >>>> On Thu, Sep 13, 2007 at 04:56:26PM +0200, Per olof Ljungmark wrote: >>>>> Hi, >>>>> >>>>> Could someone on the list point me to a document that explains the >>>>> functionality of /dev/random in FreeBSD in a little more depth than >>>>> the man page? In other OS's I've looked at random and urandom are >>>>> different, here it's a symlink (talking about RELENG-6 onwards). >>>> FreeBSD uses the yarrow algorithm, as mentioned in random(4). See >>>> http://en.wikipedia.org/wiki/Yarrow_algorithm >>>> http://www.schneier.com/yarrow.html >>> Yarrow is reseeded with interrupt entropy, and is supposedly good >>> enough not to require the amount of entropy to be tracked. >>> So /dev/random need not block, and there's no need for a separate >>> non-blocking device. >> On the website it says that the original yarrow algorithm is no longer >> supported. It seems to have been replaced by the fortuna algorithm. >> I can't see from the source if /usr/src/sys/dev/random/yarrow.* use the >> original yarrow algorithm, or the improved yarrow-160 aka fortuna. The use >> of >> crypto/rijndael/rijndael-api-fst.h and crypto/sha2/sha2.h seem to >> indicate the latter though. > > Should I conclude then that randomness is sufficient and performance is a > non-issue? Performance isn't an issue, AFAICT. Whether randomness is sufficient depends on what you're using it for. I'd say yes, unless you want to generate one-time pads. There are some test programs that you can download to test for randomness. E.g. http://www.fourmilab.ch/random/ Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFG6aeUEnfvsMMhpyURApfNAJ9nwJhqexST1uTh2rFiVt9ARb4/LQCfQ3D/ W9U0c99Gjm0hmLirReINiNE= =TE10 -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070913211148.GA18194>