From owner-freebsd-security@FreeBSD.ORG Fri Jul 18 20:37:29 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F23509A9 for ; Fri, 18 Jul 2014 20:37:29 +0000 (UTC) Received: from mail-la0-f41.google.com (mail-la0-f41.google.com [209.85.215.41]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 799CE2C34 for ; Fri, 18 Jul 2014 20:37:28 +0000 (UTC) Received: by mail-la0-f41.google.com with SMTP id s18so3298858lam.0 for ; Fri, 18 Jul 2014 13:37:21 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=yVAgYtgGIMW8sAMZM5YULCbHMHiJwj2WqF8JjQxV6uU=; b=hxgcres0Da2OdXUU0WPGxBOnhJOBjuRgc0qPDnB16DOkR8IlmUtbJug/s8jA5NK2ZL +yQwuTJDHqR+FtxC9oHhGn5yXg7MwGSf8Wo5Ub669Jwd3iQBJcHbRk0RHJGwISkYbZiz fHI9mZ+cXLXnNdTB9fA94uKqHlTIvCijii/e0ZBA052kJcMCGJtzVgwBqST/csfq9AZv jkKeXfWZUJZ7wC1zj6nB/ySH8556el0I7V9R90l5HpnHzgu0Gz2LXx5f5KyG6bjfNczV aNcOc2MbK2uep+Rrqwom85lFi1vm3HeBeDdYi9g15tKnA0aQMwabDoj35ThSI7Cv1Rbw gGMw== X-Gm-Message-State: ALoCoQmlTqm5/HVCeLASIP++XwRhIfmKYn6x32mmfIN8PrRzTqL18UB/hUQw0M6U6skkoDWijPp6 X-Received: by 10.152.87.207 with SMTP id ba15mr7952668lab.15.1405715841185; Fri, 18 Jul 2014 13:37:21 -0700 (PDT) Received: from [192.168.1.2] ([89.169.173.68]) by mx.google.com with ESMTPSA id jk5sm10962869lbc.26.2014.07.18.13.37.20 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 18 Jul 2014 13:37:20 -0700 (PDT) Message-ID: <53C9857D.6000806@freebsd.org> Date: Sat, 19 Jul 2014 00:37:17 +0400 From: Andrey Chernov User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Steven Chamberlain , freebsd-security@freebsd.org Subject: Re: Speed and security of /dev/urandom References: <53C85F42.1000704@pyro.eu.org> In-Reply-To: <53C85F42.1000704@pyro.eu.org> Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jul 2014 20:37:30 -0000 On 18.07.2014 3:41, Steven Chamberlain wrote: > Is there a good reason arc4random_buf() can't take bytes directly from > /dev/urandom or sysctl KERN_ARND? Therefore no longer needing to seed > first, periodically reseed, or use any stream cipher? One of the reason I hear is that true random entropy bits can be quickly exhausted if every userland program will drain them so much. -- http://ache.vniz.net/