Date: Fri, 15 Aug 2003 12:17:46 -0700 From: Sam Leffler <sam@errno.com> To: Poul-Henning Kamp <phk@phk.freebsd.dk> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/libkern arc4random.c Message-ID: <88549156.1060949866@melange.errno.com> In-Reply-To: <12071.1060974854@critter.freebsd.dk> References: <12071.1060974854@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <87953260.1060949270@melange.errno.com>, Sam Leffler writes: >> >> Note that the data generated by arc4random needs to be exported to user >> apps for seeding crypto operations when operating in a chroot'd >> environment where /dev/random is not available. > > I actually thought about that a bit, and I think "/dev/random" is > a wrong concept. > > I think we should have a randomdata(2) system call instead. > > Having a /dev/random which is sometimes (chroot/jail) means that > applications running under those circumstances are incredible fragile > to spoofing by creating a fake "/dev/random" in some way. openbsd defined a sysctl to get data from arc4random. They use this as a fallback if /dev/random or similar is not available. Applications that wanted to be paranoid about spoofing could use this directly. I have not compared the goodness of the data from /dev/random and arc4random. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?88549156.1060949866>