From: Mike Silbersack
To: Tim Kientzle
Cc: freebsd-hackers@FreeBSD.ORG
Date: Sun, 29 Dec 2002 02:29:00 -0600 (CST)
Subject: Re: Can dhclient rely on /dev/random?

On Sat, 28 Dec 2002, Tim Kientzle wrote:

> I've clocked /dev/random on -current at
> just about 10MB/s (on a 1GHz AMD Duron). That's
> plenty fast enough for generating session keys. ;-)

Sounds like it, I didn't realize it was that fast. :)

> If this code is just used for generating occasional
> keys, 4.x's /dev/random may well suffice. As I
> dig deeper, though, I'm starting to suspect that
> this code isn't actually used by dhclient at all.
> That would suggest a much simpler fix... ;-)
>
> Tim

Warning! Warning! Under 4.x, you probably want to use /dev/urandom. The
reason for this is that /dev/random is only guaranteed to give you values
when it can guarantee that you're getting "good" randomness. And as 4.x
doesn't harvest many entropy sources by default, there's little "good"
randomness, and you'll get nothing! /dev/urandom's "bad" randomness is
certainly better than no randomness at all. :)

Of course, if dhclient doesn't need any randomness, then I guess you don't
have to worry.

Mike "Silby" Silbersack
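
The failure mode described in the message above, as an added example (not part of the original message and not dhclient code): a reader that takes whatever /dev/random will hand over without waiting and tops up the rest from /dev/urandom, so a drained pool never leaves the caller with an empty key. It assumes a drained /dev/random returns fewer bytes than requested, possibly none; `read_some` and `fill_from` are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Non-blocking read of up to len bytes. Returns the number of bytes obtained
 * (0 when the device has nothing to give) or -1 if it cannot be opened. */
static ssize_t read_some(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    size_t got = 0;
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;
        else if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        else
            break;              /* 0 bytes, EAGAIN or error: nothing more */
    }
    close(fd);
    return (ssize_t)got;
}

/* Hypothetical helper: take what `primary` offers, top up from `fallback`.
 * Returns 0 when buf is full, -1 otherwise; *from_primary counts primary bytes. */
int fill_from(const char *primary, const char *fallback,
              unsigned char *buf, size_t len, size_t *from_primary)
{
    ssize_t n = read_some(primary, buf, len);
    size_t got = n > 0 ? (size_t)n : 0;
    *from_primary = got;
    if (got == len)
        return 0;
    n = read_some(fallback, buf + got, len - got);
    return (n >= 0 && (size_t)n == len - got) ? 0 : -1;
}

int main(void)
{
    unsigned char key[16];
    size_t strong = 0;
    int rc = fill_from("/dev/random", "/dev/urandom", key, sizeof key, &strong);
    printf("rc=%d, %zu of %zu bytes from /dev/random\n", rc, strong, sizeof key);
    return rc == 0 ? 0 : 1;
}
```

Checking the return value matters as much as the fallback: a caller that ignores a short read ends up using an uninitialised or partly filled buffer as key material.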