From owner-freebsd-current Sun Jun 18 19:18:37 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
by hub.freebsd.org (Postfix) with ESMTP
id 33FBE37BB1E; Sun, 18 Jun 2000 19:18:35 -0700 (PDT)
(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id TAA20763;
Sun, 18 Jun 2000 19:18:35 -0700 (PDT)
(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sun, 18 Jun 2000 19:18:35 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Warner Losh <imp@village.org>
Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>,
Mark Murray <mark@grondar.za>, current@FreeBSD.ORG
Subject: Re: mktemp() patch
In-Reply-To: <200006190201.UAA52489@harmony.village.org>
Message-ID: <Pine.BSF.4.21.0006181917510.20132-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
On Sun, 18 Jun 2000, Warner Losh wrote:
> In message <394124C3.221E61BC@vangelderen.org> "Jeroen C. van Gelderen" writes:
> : Pseudo random numbers are so cheap (or they should be) that you
> : just don't want to try and 'optimize' here. It is much better to
> : be conservative and use a good PRNG until it *proves* to be very
> : problematic.
>
> I disagree with this strongly. PRNG have proven time and time again
> to weaken security due to their less than random nature. It is my
> judgement that going down this path would be very bad, especially when
> cryptographically strong random number generators exist and are part
> of the base FreeBSD system. We should just use those...
Actually thats what Jeroen was referring to - use of arc4random(). It's
still a PRNG :-)
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message