From owner-freebsd-current Sun Jan 20 12: 5:11 2002 Delivered-To: freebsd-current@freebsd.org Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by hub.freebsd.org (Postfix) with ESMTP id 51C8337B404; Sun, 20 Jan 2002 12:05:01 -0800 (PST) Received: (from ache@localhost) by nagual.pp.ru (8.11.6/8.11.6) id g0KK4wh24379; Sun, 20 Jan 2002 23:04:58 +0300 (MSK) (envelope-from ache) Date: Sun, 20 Jan 2002 23:04:56 +0300 From: "Andrey A. Chernov" To: Mark Murray Cc: des@freebsd.org, current@freebsd.org Subject: Re: Step1, pam_unix srandomdev fix for review Message-ID: <20020120200455.GC24138@nagual.pp.ru> References: <20020120185334.GA23348@nagual.pp.ru> <200201201955.g0KJtVt32805@grimreaper.grondar.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200201201955.g0KJtVt32805@grimreaper.grondar.org> User-Agent: Mutt/1.3.24i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Jan 20, 2002 at 19:55:31 +0000, Mark Murray wrote: > > This works, but strikes me as overkill. This is salt, not cryptographic > randomness, so 'srandom(junk)' is most likely better as a replacement > for srandomdev() (where 'junk' can be time(), pid or anything similar). You can't call srandom() from the libraries for the same purposes as srandomdev(), i.e. it damages user application current RNG state in the same way. I mean this: 1) User call srandom(3) 2) Library calls srandomdev() or srandom(123) Second step is effectively damages srandom(3) RNG state. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message