From owner-freebsd-current  Sun Feb  2 11: 6:55 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id A8C7737B409; Sun,  2 Feb 2003 11:06:53 -0800 (PST)
Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 36C7043F75; Sun,  2 Feb 2003 11:06:52 -0800 (PST)
	(envelope-from mark@grondar.org)
Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1])
	by storm.FreeBSD.org.uk (8.12.6/8.12.6) with ESMTP id h12J6pLf079002;
	Sun, 2 Feb 2003 19:06:51 GMT
	(envelope-from mark@grondar.org)
Received: (from Ugrondar@localhost)
	by storm.FreeBSD.org.uk (8.12.6/8.12.6/Submit) with UUCP id h12J6p4N079001;
	Sun, 2 Feb 2003 19:06:51 GMT
X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f
Received: from grondar.org (localhost [127.0.0.1])
	by grimreaper.grondar.org (8.12.6/8.12.6) with ESMTP id h12J0IaX050026;
	Sun, 2 Feb 2003 21:00:18 +0200 (SAST)
	(envelope-from mark@grondar.org)
From: Mark Murray <mark@grondar.org>
Message-Id: <200302021900.h12J0IaX050026@grimreaper.grondar.org>
To: phk@freebsd.org
Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, current@freebsd.org
Subject: Re: rand() is broken 
In-Reply-To: Your message of "Sun, 02 Feb 2003 19:47:12 +0100."
             <32212.1044211632@critter.freebsd.dk> 
Date: Sun, 02 Feb 2003 19:00:18 +0000
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

phk@freebsd.org writes:
> In message <200302021836.h12Ia2aX049696@grimreaper.grondar.org>, Mark Murray 
> wr
> ites:
> 
> >We have most of this, and RC4 can deliver. RC4's "licence" is
> >fine. Call it "ArCFour" and there is no problem. The code is
> >small, fast and repeatable, and meets conditions 1-4 above.
> 
> There are some concerns about RC4's strength and predictability.

Not here. We are talking statistical randomness, not cryptographic.

RC4 is juuuust fine.

> In cases were we just want trivial "randomness", this doesn't matter,
> but when we start to seed it with /dev/random to get good randomness
> we to be more careful.

Sure. srandomdev() needs to "burn" some output.

> Maybe we should spend an AES on it, just in case ?

Hold that thought. The "moral equivalent" of 'dd if=random()
of=/dev/null bs=1 count=4096' is enough for now. Any problems,
and I'll be right with you!

M
--
Mark Murray
iumop ap!sdn w,I idlaH

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message