From owner-freebsd-current Thu Jun 8 10:24:29 2000 Delivered-To: freebsd-current@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id E192A37B893; Thu, 8 Jun 2000 10:24:03 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id TAA00705; Thu, 8 Jun 2000 19:24:11 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200006081724.TAA00705@grimreaper.grondar.za> To: Kris Kennaway Cc: Mark Murray , current@FreeBSD.ORG Subject: Re: mktemp() patch References: In-Reply-To: ; from Kris Kennaway "Wed, 07 Jun 2000 23:44:02 MST." Date: Thu, 08 Jun 2000 19:24:10 +0200 From: Mark Murray Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > What is the purpose of this? It looks hugely wasteful to me. If you > > really need a single random bit, it is not good to waste a block of > > hard-gained gryptographic randomness; can you not use a pseudo-random > > bit-generator? > > arc4random() does not consume entropy except the first time it is called > and when explicitly reseeded through arc4random_stir(). Apart from that > it's a deterministic function (the arc4 stream cipher), but it's still a > reasonably good cryptographic PRNG because arc4 is a cryptographically > strong algorithm. But I repeat myself; are you still intending to use cryptographic security for one bit? What does that buy you? An attacker will laugh at the waste of resources that went into a coin-flip :-). Much better is to use something cheaper like time-of-day XOR 1 << whatever. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message