From owner-freebsd-current Fri Jun 9 23:24: 1 2000 Delivered-To: freebsd-current@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 542) id 5FED637B6AB; Fri, 9 Jun 2000 23:23:58 -0700 (PDT) Date: Fri, 9 Jun 2000 23:23:58 -0700 From: "Andrey A. Chernov" To: "Jeroen C. van Gelderen" Cc: Mark Murray , Kris Kennaway , current@FreeBSD.ORG Subject: Re: mktemp() patch Message-ID: <20000609232358.A38967@freebsd.org> References: <394124C3.221E61BC@vangelderen.org> <200006092002.WAA00773@grimreaper.grondar.za> <20000609155342.B33329@freebsd.org> <39417FA5.F260EAA8@vangelderen.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <39417FA5.F260EAA8@vangelderen.org>; from jeroen@vangelderen.org on Fri, Jun 09, 2000 at 07:37:09PM -0400 Organization: Biomechanoid Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Jun 09, 2000 at 07:37:09PM -0400, Jeroen C. van Gelderen wrote: > > Why to XOR true random bits from arc4random() with non-random bits from > > getpid()? It only weakens. Better way is just remove any getpid() code and > > left arc4random() only. > > Then you will get collisions which you will have to deal with. I am not > familiar with the code but if we can handle collisions nicely then that > would be the way to go: 64^6 = 2^36 possibilities which is nice... 1) Just totally opposite: mixing random with non-random sources you'll get into collision much faster then with random source only. 2) Yet, of course, the code handles collisions. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message