From owner-cvs-src@FreeBSD.ORG Fri Aug 15 12:17:48 2003
Date: Fri, 15 Aug 2003 12:17:46 -0700
From: Sam Leffler
To: Poul-Henning Kamp
cc: cvs-src@FreeBSD.org
cc: Mike Silbersack
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/libkern arc4random.c
Message-ID: <88549156.1060949866@melange.errno.com>
In-Reply-To: <12071.1060974854@critter.freebsd.dk>
References: <12071.1060974854@critter.freebsd.dk>
List-Id: CVS commit messages for the src tree

> In message <87953260.1060949270@melange.errno.com>, Sam Leffler writes:
>>
>> Note that the data generated by arc4random needs to be exported to user
>> apps for seeding crypto operations when operating in a chroot'd
>> environment where /dev/random is not available.
>
> I actually thought about that a bit, and I think "/dev/random" is
> a wrong concept.
>
> I think we should have a randomdata(2) system call instead.
>
> Having a /dev/random which is sometimes (chroot/jail) means that
> applications running under those circumstances are incredibly fragile
> to spoofing by creating a fake "/dev/random" in some way.

OpenBSD defined a sysctl to get data from arc4random. They use this as a
fallback if /dev/random or similar is not available. Applications that
wanted to be paranoid about spoofing could use this directly. I have not
compared the goodness of the data from /dev/random and arc4random.

	Sam
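The fallback pattern discussed in this message, as an added example that is not part of the original mail or of FreeBSD/OpenBSD source: a seed reader that refuses a planted non-device file at the random path and falls back to a kernel sysctl. The function names are hypothetical, and it assumes the sysctl is reachable as `CTL_KERN`/`KERN_ARND` where the platform headers define it.

```c
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#if defined(__OpenBSD__) || defined(__FreeBSD__)
#include <sys/sysctl.h>
#endif

/* Fill buf from a device node, refusing anything that is not a character
   device (a regular file or FIFO planted inside a chroot is rejected). */
static int read_chardev(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t off = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* a FIFO cannot hang open() */
    if (fd < 0)
        return -1;
    /* fstat the descriptor, not the path: check and read hit the same object */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) { close(fd); return -1; }
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~O_NONBLOCK);
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n <= 0) { close(fd); return -1; }
        off += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Ask the kernel directly, bypassing the filesystem namespace entirely. */
static int read_kernel(unsigned char *buf, size_t len)
{
#ifdef KERN_ARND
    int mib[2] = { CTL_KERN, KERN_ARND };
    size_t off = 0;
    while (off < len) {          /* the kernel may return fewer bytes per call */
        size_t n = len - off;
        if (sysctl(mib, 2, buf + off, &n, NULL, 0) != 0 || n == 0) return -1;
        off += n;
    }
    return 0;
#else
    (void)buf; (void)len;
    return -1;                   /* no such interface on this platform */
#endif
}
/* path == NULL is the "paranoid" mode: use only the kernel interface. */
int get_seed(const char *path, unsigned char *buf, size_t len)
{
    if (path != NULL && read_chardev(path, buf, len) == 0)
        return 0;
    return read_kernel(buf, len);
}
```

The `S_ISCHR` check only rejects regular files and FIFOs at the path; it cannot tell the random device from any other character device, which is why going to the kernel interface directly is the stronger option against spoofing.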