Date: Fri, 14 Feb 2003 19:38:07 -0800
From: David Schultz
To: "Andrey A. Chernov"
Cc: Nate Lawson, Juli Mallett, Kirk McKusick, src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sbin/newfs mkfs.c src/sys/ufs/ffs ffs_alloc.c ffs_vfsops.c
Message-ID: <20030215033807.GB3750@HAL9000.homeunix.com>
References: <20030214221503.GA59673@nagual.pp.ru> <20030215022542.GA62285@nagual.pp.ru>
In-Reply-To: <20030215022542.GA62285@nagual.pp.ru>

Thus spake Andrey A. Chernov:
> On Fri, Feb 14, 2003 at 16:31:10 -0800, Nate Lawson wrote:
> > On Sat, 15 Feb 2003, Andrey A. Chernov wrote:
> > > On Fri, Feb 14, 2003 at 15:33:28 -0600, Juli Mallett wrote:
> > > > Are the sequences for it also repeatable in the newfs case for e.g. the
> > > > regression tests, where it is used unseeded?
> > >
> > > Obvious answer - no.
> > >
> > > BTW, this fix really fixes nothing for the FreeBSD case because we already use
> > > srandomdev() (for the non-regression case).
> >
> > Speaking totally informally, arc4 is more secure for this purpose than an
> > LFSR despite seeding the latter via srandomdev().
>
> It isn't big news, arc4random() internal state size is 256 bytes while
> the default random() state size is 124 bytes, but I don't think that anybody
> can feel that difference inside the short range needed for mkfs. The complaint
> is about the broken regression test case, not about the srandom()->arc4random()
> transition taken alone.

The issue isn't how random the data ``feels'' according to ad hoc tests;
the issue is predictability. NFS relies upon generation numbers being
unguessable to prevent unauthenticated clients from spoofing file handles.
Even if random() is a pretty good PRNG, arc4random() gives people peace of
mind because it uses a real cryptographic hash. If you could guess
arc4random() values without knowing the entropy pool, that would likely
constitute an attack on RC4 itself.
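The thread turns on two properties pulling in opposite directions: a regression test wants every newfs run to lay down the same inode generation numbers, while NFS wants those numbers to be unguessable by a client that has not been handed a file handle. The following is an added illustration, not code from FreeBSD or from anyone in this thread, written in Python rather than C so it runs anywhere: a stand-in `assign_generation_numbers()` fills a constructed 16-inode table from either a seeded deterministic generator (the analogue of `srandom()`/`random()`) or the OS-backed `secrets` module (the analogue of `arc4random()`), and `sequences_repeat()` reports whether fresh runs agree. All function names and the inode count are assumptions of this example.

```python
import random
import secrets

# Constructed inode count for the toy filesystem image. A real mkfs derives
# this from the disk geometry; the value here only keeps the demo small.
INODE_COUNT = 16


def assign_generation_numbers(n, draw):
    """Give each of n inodes a 32-bit generation number taken from draw(),
    a callable returning an unsigned 32-bit integer.

    Hypothetical stand-in for the per-inode generation-number initialisation
    mkfs performs; this is not FreeBSD's code.
    """
    return [draw() for _ in range(n)]


def seeded_source(seed):
    """Deterministic source, the analogue of srandom(seed) followed by
    random(): the entire output sequence is a function of the seed, so anyone
    who knows (or can enumerate) the seed can reproduce it."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(32)


def csprng_source():
    """Non-repeatable source, the analogue of arc4random(): each value comes
    from the operating system's entropy-backed CSPRNG, so two runs do not
    agree and there is no seed to recover."""
    return lambda: secrets.randbits(32)


def sequences_repeat(make_source, runs=2):
    """Build `runs` fresh sources with make_source() and report whether the
    generation-number sequences they yield are identical.

    True is what a byte-for-byte regression test of a newfs image needs;
    it is also exactly the property an NFS file handle must not have.
    """
    seqs = [assign_generation_numbers(INODE_COUNT, make_source()) for _ in range(runs)]
    return all(s == seqs[0] for s in seqs[1:])


if __name__ == "__main__":
    # Seeded: reproducible (good for the test image, bad for unguessability).
    print("seeded repeats:", sequences_repeat(lambda: seeded_source(12345)))
    # CSPRNG: never the same twice (good for file handles, needs a different
    # regression strategy, e.g. masking generation numbers before comparing).
    print("csprng repeats:", sequences_repeat(csprng_source))
```

With the seeded source, every run lays down the same sequence, which is what makes a newfs image diffable in a regression test and precisely what a file handle must not depend on. With the OS-backed source, no two runs agree, so a test that compares images has to either inject the seeded source explicitly or mask the generation numbers before comparing, rather than weakening the production path to get repeatability.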