From owner-freebsd-current Fri Jun 9 13: 2:45 2000 Delivered-To: freebsd-current@freebsd.org Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id BC60E37C59C; Fri, 9 Jun 2000 13:02:36 -0700 (PDT) (envelope-from mark@grondar.za) Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id WAA00773; Fri, 9 Jun 2000 22:02:44 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za) Message-Id: <200006092002.WAA00773@grimreaper.grondar.za> To: "Jeroen C. van Gelderen" Cc: Kris Kennaway , current@FreeBSD.ORG Subject: Re: mktemp() patch References: <394124C3.221E61BC@vangelderen.org> In-Reply-To: <394124C3.221E61BC@vangelderen.org> ; from "Jeroen C. van Gelderen" "Fri, 09 Jun 2000 13:09:23 -0400." Date: Fri, 09 Jun 2000 22:02:44 +0200 From: Mark Murray Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > But I repeat myself; are you still intending to use cryptographic security > > for one bit? What does that buy you? An attacker will laugh at the waste > > of resources that went into a coin-flip :-). Much better is to use something > > cheaper like time-of-day XOR 1 << whatever. > > Pseudo random numbers are so cheap (or they should be) that you > just don't want to try and 'optimize' here. It is much better to > be conservative and use a good PRNG until it *proves* to be very > problematic. Why not just XOR the whole lot into the current ${randomnumber}? That way, at least the effort of the whole calculation is not wasted as much. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message