Date: Sat, 28 Dec 2002 15:06:24 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: Tim Kientzle <kientzle@acm.org> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Can dhclient rely on /dev/random? Message-ID: <20021228150348.Y10588-100000@patrocles.silby.com> In-Reply-To: <3E0E02F3.6030205@acm.org> References: <3E0E02F3.6030205@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 28 Dec 2002, Tim Kientzle wrote: > Policy Question: is a fast, high-quality > /dev/random a gauranteed feature starting with 5.0? Yes. > Technical Question: is /dev/random sufficient > for the cryptographic requirements of programs > like dhclient, bind, etc? Yes. > I believe both of these are answered 'yes'. > > If so, I'll work up a patch to alter these > programs to rely solely on /dev/random. > I suppose that patch should be sent to the ISC > folks, since those programs are vendor > imports. (?) (I'm envisioning a > FAST_GOOD_DEV_RANDOM compile-time switch; > if set, /dev/random would be the only source > of entropy used.) > > Any pointers/suggestions appreciated, > > Tim Kientzle The only problem is that /dev/urandom and /dev/random might be too slow for direct use whereever random data is needed. However, they are certainly a lot better for seeding an RC4 generator (or something similar) than netstat / ps / etc would be. As such, you may even want to use /dev/urandom under 4.x, although it's nowhere near as good as the /dev/(u)random on 5.x. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021228150348.Y10588-100000>