From owner-freebsd-hackers  Sat Dec 28 13:32:51 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6E57237B401
	for <freebsd-hackers@FreeBSD.ORG>; Sat, 28 Dec 2002 13:32:50 -0800 (PST)
Received: from clover.kientzle.com (user-112uh9a.biz.mindspring.com [66.47.69.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C53F643EDC
	for <freebsd-hackers@FreeBSD.ORG>; Sat, 28 Dec 2002 13:32:49 -0800 (PST)
	(envelope-from kientzle@acm.org)
Received: from acm.org (c43 [66.47.69.43])
	by clover.kientzle.com (8.11.3/8.11.3) with ESMTP id gBSLWgE19329;
	Sat, 28 Dec 2002 13:32:42 -0800 (PST)
	(envelope-from kientzle@acm.org)
Message-ID: <3E0E1879.6090801@acm.org>
Date: Sat, 28 Dec 2002 13:32:41 -0800
From: Tim Kientzle <kientzle@acm.org>
Reply-To: kientzle@acm.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.6) Gecko/20011206
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Mike Silbersack <silby@silby.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Can dhclient rely on /dev/random?
References: <3E0E02F3.6030205@acm.org> <20021228150348.Y10588-100000@patrocles.silby.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Mike Silbersack wrote:

> On Sat, 28 Dec 2002, Tim Kientzle wrote:

>>Technical Question: is /dev/random sufficient
>>for the cryptographic requirements of programs
>>like dhclient, bind, etc?
> 
> Yes.
> 

> The only problem is that /dev/urandom and /dev/random might be too slow ...


I've clocked /dev/random on -current at
just about 10MB/s (on a 1GHz AMD Duron).  That's
plenty fast enough for generating session keys. ;-)

> ... you may even want to use
> /dev/urandom under 4.x, although it's nowhere near as good as the
> /dev/(u)random on 5.x.


If this code is just used for generating occasional
keys, 4.x's /dev/random may well suffice.  As I
dig deeper, though, I'm starting to suspect that
this code isn't actually used by dhclient at all.
That would suggest a much simpler fix... ;-)

Tim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message