From owner-freebsd-security@FreeBSD.ORG Sat Jul 19 20:47:33 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 109CCA6C for ; Sat, 19 Jul 2014 20:47:33 +0000 (UTC) Received: from manchester-1.man.uk.cluster.ok24.net (manchester-1.man.uk.cluster.ok24.net [213.138.100.64]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 975D52D24 for ; Sat, 19 Jul 2014 20:47:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=simple/simple; d=pyro.eu.org; s=07.2014; h=Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID; bh=wF4xBy6NQYycUo+c6457sJ/fh5YKQMSHcwoOE0Qku5o=; b=xIF15E+Y7itzfOsg81pQnysIO1asKMLY6DwagX9XLGizbJaGqBG6PNyue604e/wjPdhO8ttX2VC3htukzAFjMBVb0H9fGnSFca6iwMpdVTuqrXCMZ+tyIpU/3TUUM4bpXB4XL2ot7pc7JgLvyFxoM5LibQfPARzmiz90dAh+vgo=; X-Spam-Status: No, score=-1.1 required=2.0 tests=ALL_TRUSTED, BAYES_00, DKIM_ADSP_DISCARD Received: from guisborough-1.rcc.uk.cluster.ok24.net ([217.155.40.118]) by manchester-1.man.uk.cluster.ok24.net with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.80) (envelope-from ) id 1X8bXN-0005Pq-Ka; Sat, 19 Jul 2014 21:47:23 +0100 Received: from [10.0.1.191] by guisborough-1.rcc.uk.cluster.ok24.net with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.80) (envelope-from ) id 1X8bXM-0005ax-LB; Sat, 19 Jul 2014 21:47:20 +0100 Message-ID: <53CAD950.1010609@pyro.eu.org> Date: Sat, 19 Jul 2014 21:47:12 +0100 From: Steven Chamberlain User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.6.0 MIME-Version: 1.0 To: Konstantin Belousov , freebsd-security@freebsd.org Subject: Re: Speed and security of /dev/urandom References: <53C85F42.1000704@pyro.eu.org> <20140719190348.GM45513@funkthat.com> <20140719192605.GV93733@kib.kiev.ua> In-Reply-To: <20140719192605.GV93733@kib.kiev.ua> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="hLvdpv21lS3oPbUFC8JOBeBsopI815V9j" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Jul 2014 20:47:33 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hLvdpv21lS3oPbUFC8JOBeBsopI815V9j Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 19/07/14 20:26, Konstantin Belousov wrote: > I think that using sysctl for non-management functionality is wrong. > If this feature is for the libraries and applications, and not for > system management and introspection utilities, it should be normal > syscall. If this is only to seed the arc4random in userland (with ~256 bytes or so), it would be just like OpenBSD getentropy(2)? Just yesterday, something very similar is proposed for Linux, called getrandom(2): http://lists.openwall.net/linux-kernel/2014/07/18/329 Regards, --=20 Steven Chamberlain steven@pyro.eu.org --hLvdpv21lS3oPbUFC8JOBeBsopI815V9j Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQEcBAEBCAAGBQJTytlQAAoJEJeL0N0LpZiv26QH/0C0p1mNsDlmPGRqZoUplWci RpoVLaL1UA2eXNWDwekv3muaRmVj4HhIUmS1MxbaOB25UaOcSl4opzl5EfGQbUAu IxTjOJCZ7IZxFgCRSCv146QBeZc9xhIic43wo9pH7MLSjew5x4PSyhQHl1CTnECl Sp/XJbuLkqdbNieWRmJDOeIQjQSHG+HOBpO6AlnjhVx7ndgxQXqcWfEqOhu9zYNd Rh0lY4NGcjspqqFmcPctB0SOpD0WQl2LkgIUSJyKlBusb2sVkkL039Rs1iiru5lI RmvZWAUtvRGfdNtZAtFYP2Yhba7le+iwvURlYn4P3k6p6ITM0aF58ztU+6443uM= =pnnz -----END PGP SIGNATURE----- --hLvdpv21lS3oPbUFC8JOBeBsopI815V9j--