Date: Sun, 18 Jun 2000 19:18:35 -0700 (PDT)
From: Kris Kennaway
To: Warner Losh
Cc: "Jeroen C. van Gelderen", Mark Murray, current@FreeBSD.ORG
Subject: Re: mktemp() patch
In-Reply-To: <200006190201.UAA52489@harmony.village.org>

On Sun, 18 Jun 2000, Warner Losh wrote:

> In message <394124C3.221E61BC@vangelderen.org> "Jeroen C. van Gelderen" writes:
> : Pseudo random numbers are so cheap (or they should be) that you
> : just don't want to try and 'optimize' here. It is much better to
> : be conservative and use a good PRNG until it *proves* to be very
> : problematic.
>
> I disagree with this strongly. PRNG have proven time and time again
> to weaken security due to their less than random nature. It is my
> judgement that going down this path would be very bad, especially when
> cryptographically strong random number generators exist and are part
> of the base FreeBSD system. We should just use those...

Actually that's what Jeroen was referring to - use of arc4random(). It's
still a PRNG :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe