From owner-cvs-src@FreeBSD.ORG  Fri Aug 15 12:19:38 2003
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4620A37B401; Fri, 15 Aug 2003 12:19:38 -0700 (PDT)
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 3AF4943FBF; Fri, 15 Aug 2003 12:19:37 -0700 (PDT)
	(envelope-from phk@phk.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.9/8.12.9) with ESMTP id h7FJJVlX012161;
	Fri, 15 Aug 2003 21:19:31 +0200 (CEST)
	(envelope-from phk@phk.freebsd.dk)
To: Sam Leffler <sam@errno.com>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Fri, 15 Aug 2003 12:17:46 PDT."
             <88549156.1060949866@melange.errno.com> 
Date: Fri, 15 Aug 2003 21:19:31 +0200
Message-ID: <12160.1060975171@critter.freebsd.dk>
cc: cvs-src@FreeBSD.org
cc: Mike Silbersack <silby@silby.com>
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/libkern arc4random.c 
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Aug 2003 19:19:38 -0000

In message <88549156.1060949866@melange.errno.com>, Sam Leffler writes:
>> In message <87953260.1060949270@melange.errno.com>, Sam Leffler writes:
>>>
>>> Note that the data generated by arc4random needs to be exported to user
>>> apps for seeding crypto operations when operating in a chroot'd
>>> environment  where /dev/random is not available.
>>
>> I actually thought about that a bit, and I think "/dev/random" is
>> a wrong concept.
>>
>> I think we should have a randomdata(2) system call instead.
>>
>> Having a /dev/random which is sometimes (chroot/jail) means that
>> applications running under those circumstances are incredible fragile
>> to spoofing by creating a fake "/dev/random" in some way.
>
>openbsd defined a sysctl to get data from arc4random.  They use this as a 
>fallback if /dev/random or similar is not available.  Applications that 
>wanted to be paranoid about spoofing could use this directly.  I have not 
>compared the goodness of the data from /dev/random and arc4random.

A sysctl works for me too.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.