Date: Sun, 28 Nov 1999 11:06:35 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Dan Moschuk <dan@freebsd.org>
Cc: freebsd-audit@freebsd.org
Subject: Re: Last random PID patch before commit
Message-ID: <Pine.BSF.4.21.9911281055390.80171-100000@hub.freebsd.org>
In-Reply-To: <19991128130432.C33028@november.jaded.net>

On Sun, 28 Nov 1999, Dan Moschuk wrote:

> Correct. That's probably not the best way of doing it, however, I'm not
> convinced that /dev/random is the best way either. My other idea was to

Why not? I've shown it's at least better than your current
implementation. If you're worried about having 0 entropy in the pool
(which would degenerate it to the strength of what's in your patch now)
then you should add some instrumentation to your test kernel to print the
size of the pool at initialisation time. Trying to guess things isn't a
good idea when you're trying to improve security.

> leave key[256] uninitialized and just use whatever happens to be there.

Erk - this sounds even worse. How do you know that is going to be anywhere
close to random?

> | > + if (nextpid >= PID_MAX || randompid) {
> | > + nextpid = (randompid) ? arc4random() % PID_MAX : 100;
> | > pidchecked = 0;
> | > }
> |
> | You only seem to be randomizing the PIDs in the case when they wrap around
> | to 0. OpenBSD have an extra conditional in there which forces this to
> | always be the case.
>
> Err. Check that again.

My mistake, sorry. I was on a slow link and got confused trying to compare
the code on the other end.

> | Why not just use the arc4random.c we already have (+ any openbsd changes)
> | and tweak it, instead of rewriting from scratch? sys/dev/rnd.c in
> | OpenBSD..
>
> A few reasons.
>
> i) At the time, I planned on arc4random.c becoming arc4.c in favour of my
> if_vpn that I hope to get around to actually writing. However, it soon
> dawned on me that using a stream cipher for an unreliable transmit medium
> (ie Internet) is *VERY* stupid (think packet loss).
>
> ii) It's more fun writing it from scratch. :-)

NIH :-) Please just use arc4random.c..as I described in my last message,
it's a better implementation, and we're reducing our long-term maintenance
burden.
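
Review bot: in the line "nextpid = (randompid) ? arc4random() % PID_MAX : 100;" the two branches cover different ranges: the non-random path restarts at 100, while the random path can return anything from 0 to PID_MAX - 1, so with randompid set the search can start in the low range that the sequential path skips. Consider drawing from the same range, for example 100 + arc4random() % (PID_MAX - 100), and add a comment saying why 100 is the floor. The plain modulo is also slightly biased toward low values unless PID_MAX divides 2^32 evenly; worth a comment stating that this is accepted, or a reject-and-retry loop if it is not.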

-Kris

----
Just remember, as you celebrate Thanksgiving with your family feasts of
turkey, cranberries, stuffing, gravy, mashed potatoes, squash, corn,
cornbread, apples, pickles, dumplings, fish, orangutans, fruitbats,
breakfast cereals, and so forth, to keep in mind the true reason for the
season: The birth of Santa.