From owner-cvs-src@FreeBSD.ORG Fri Aug 15 12:41:29 2003 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F03F37B404 for ; Fri, 15 Aug 2003 12:41:29 -0700 (PDT) Received: from relay.pair.com (relay.pair.com [209.68.1.20]) by mx1.FreeBSD.org (Postfix) with SMTP id B56B443F75 for ; Fri, 15 Aug 2003 12:41:27 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 83883 invoked from network); 15 Aug 2003 19:41:26 -0000 Received: from niwun.pair.com (HELO localhost) (209.68.2.70) by relay.pair.com with SMTP; 15 Aug 2003 19:41:26 -0000 X-pair-Authenticated: 209.68.2.70 Date: Fri, 15 Aug 2003 14:40:35 -0500 (CDT) From: Mike Silbersack To: Sam Leffler In-Reply-To: <87953260.1060949270@melange.errno.com> Message-ID: <20030815143835.T1565@odysseus.silby.com> References: <200308150634.h7F6Ylxw022089@repoman.freebsd.org> <20030815133943.I1565@odysseus.silby.com> <87953260.1060949270@melange.errno.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/libkern arc4random.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Aug 2003 19:41:29 -0000 On Fri, 15 Aug 2003, Sam Leffler wrote: > I suggest that being fairly confident about your changes is very different > from testing them. > > > However,I also have no way of knowing if arc4random was working correctly > before > > the commit either... > > If you didn't know how to verify things worked before or after why did you > make these changes? Was there a specific problem you were trying to > address? Well, I tested them in that I read everything through carefully, and I made sure that arc4random was indeed throwing out random-looking data. Beyond that, without knowing how to use the randomness testbench, I'm not sure what other tests I could run. > You could use the rndtest code directly in the kernel to gate the output of > arc4random or you could extract the code and write a user-level test > application. I don't know if Mark Murray has something already along these > lines (presumably he had something from his work on /dev/random). > > Note that the data generated by arc4random needs to be exported to user > apps for seeding crypto operations when operating in a chroot'd environment > where /dev/random is not available. This is something openbsd identified > and that we've not brought over yet (I've known about it for a while but > the work's been pending). As such one should be very careful about futzing > with the goodness of the data arc4random generates. > > Sam Ok, I'll look into using rndtest and exporting arc4random via /dev/arandom and a sysctl. Mike "Silby" Silbersack