From owner-cvs-all@FreeBSD.ORG Fri Aug 15 12:19:38 2003 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4620A37B401; Fri, 15 Aug 2003 12:19:38 -0700 (PDT) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3AF4943FBF; Fri, 15 Aug 2003 12:19:37 -0700 (PDT) (envelope-from phk@phk.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.12.9/8.12.9) with ESMTP id h7FJJVlX012161; Fri, 15 Aug 2003 21:19:31 +0200 (CEST) (envelope-from phk@phk.freebsd.dk) To: Sam Leffler From: "Poul-Henning Kamp" In-Reply-To: Your message of "Fri, 15 Aug 2003 12:17:46 PDT." <88549156.1060949866@melange.errno.com> Date: Fri, 15 Aug 2003 21:19:31 +0200 Message-ID: <12160.1060975171@critter.freebsd.dk> cc: cvs-src@FreeBSD.org cc: Mike Silbersack cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/libkern arc4random.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Aug 2003 19:19:38 -0000 In message <88549156.1060949866@melange.errno.com>, Sam Leffler writes: >> In message <87953260.1060949270@melange.errno.com>, Sam Leffler writes: >>> >>> Note that the data generated by arc4random needs to be exported to user >>> apps for seeding crypto operations when operating in a chroot'd >>> environment where /dev/random is not available. >> >> I actually thought about that a bit, and I think "/dev/random" is >> a wrong concept. >> >> I think we should have a randomdata(2) system call instead. >> >> Having a /dev/random which is sometimes (chroot/jail) means that >> applications running under those circumstances are incredible fragile >> to spoofing by creating a fake "/dev/random" in some way. > >openbsd defined a sysctl to get data from arc4random. They use this as a >fallback if /dev/random or similar is not available. Applications that >wanted to be paranoid about spoofing could use this directly. I have not >compared the goodness of the data from /dev/random and arc4random. A sysctl works for me too. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.