From owner-freebsd-hackers Sat Dec 28 12:59:37 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF1AD37B401 for ; Sat, 28 Dec 2002 12:59:35 -0800 (PST) Received: from patrocles.silby.com (d10.as14.nwbl0.wi.voyager.net [169.207.134.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C87F743EA9 for ; Sat, 28 Dec 2002 12:59:33 -0800 (PST) (envelope-from silby@silby.com) Received: from patrocles.silby.com (localhost [127.0.0.1]) by patrocles.silby.com (8.12.6/8.12.6) with ESMTP id gBSL6R8U011081; Sat, 28 Dec 2002 15:06:27 -0600 (CST) (envelope-from silby@silby.com) Received: from localhost (silby@localhost) by patrocles.silby.com (8.12.6/8.12.6/Submit) with ESMTP id gBSL6Pfh011078; Sat, 28 Dec 2002 15:06:26 -0600 (CST) X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs Date: Sat, 28 Dec 2002 15:06:24 -0600 (CST) From: Mike Silbersack To: Tim Kientzle Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Can dhclient rely on /dev/random? In-Reply-To: <3E0E02F3.6030205@acm.org> Message-ID: <20021228150348.Y10588-100000@patrocles.silby.com> References: <3E0E02F3.6030205@acm.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, 28 Dec 2002, Tim Kientzle wrote: > Policy Question: is a fast, high-quality > /dev/random a gauranteed feature starting with 5.0? Yes. > Technical Question: is /dev/random sufficient > for the cryptographic requirements of programs > like dhclient, bind, etc? Yes. > I believe both of these are answered 'yes'. > > If so, I'll work up a patch to alter these > programs to rely solely on /dev/random. > I suppose that patch should be sent to the ISC > folks, since those programs are vendor > imports. (?) (I'm envisioning a > FAST_GOOD_DEV_RANDOM compile-time switch; > if set, /dev/random would be the only source > of entropy used.) > > Any pointers/suggestions appreciated, > > Tim Kientzle The only problem is that /dev/urandom and /dev/random might be too slow for direct use whereever random data is needed. However, they are certainly a lot better for seeding an RC4 generator (or something similar) than netstat / ps / etc would be. As such, you may even want to use /dev/urandom under 4.x, although it's nowhere near as good as the /dev/(u)random on 5.x. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message