From owner-freebsd-hackers@FreeBSD.ORG Sat Jul 9 08:36:32 2005 Return-Path: X-Original-To: freebsd-hackers@FreeBSD.org Delivered-To: freebsd-hackers@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E5ADC16A41C for ; Sat, 9 Jul 2005 08:36:32 +0000 (GMT) (envelope-from silby@silby.com) Received: from relay.pair.com (relay00.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id 4D2CB43D53 for ; Sat, 9 Jul 2005 08:36:32 +0000 (GMT) (envelope-from silby@silby.com) Received: (qmail 29344 invoked from network); 9 Jul 2005 08:36:30 -0000 Received: from unknown (HELO localhost) (unknown) by unknown with SMTP; 9 Jul 2005 08:36:30 -0000 X-pair-Authenticated: 209.68.2.70 Date: Sat, 9 Jul 2005 03:36:04 -0500 (CDT) From: Mike Silbersack To: Jeremie Le Hen In-Reply-To: <20050709081550.GR39292@obiwan.tataz.chchile.org> Message-ID: <20050709032937.N26713@odysseus.silby.com> References: <20050708153506.GM39292@obiwan.tataz.chchile.org> <20050708192104.Q26713@odysseus.silby.com> <20050709081550.GR39292@obiwan.tataz.chchile.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-hackers@FreeBSD.org Subject: Re: ProPolice: best way to fill canary X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Jul 2005 08:36:33 -0000 On Sat, 9 Jul 2005, Jeremie Le Hen wrote: > Thanks for you answer. In that case, which sysctl should we use ? > > * OpenBSD's kern.arnd (KERN_ARND) which is a front-end to > the arc4random() function ? > > * NetBSD's kern.urandom (KERN_URND) which is using the rnd(4) > pseudo-device. They also have KERN_ARND in sysctl.h, which > is no more than a #define of KERN_URND, for compatibility > with OpenBSD. > > Usually, I noticed that FreeBSD used to be as close as possible with > NetBSD. But I would like to hear the voice of a more experienced > hacker about this. > > Thanks. > Best regards, > -- > Jeremie Le Hen I wouldn't say that we favor code from any one project over another, every situation is different. In this case, I'm personally rather indifferent - both RNGs should supply good entropy. Arc4 may be a bit faster (I don't know if anyone has benchmarked by how much), so for this purpose it would seem to be the one to use. I can commit any patches you have after the 6.0 code freeze ends, which should be in the next few weeks. (It can be MFC'd to 6.0 and 5.4 after that as well.) Mike "Silby" Silbersack