From owner-cvs-src@FreeBSD.ORG Fri Aug 15 12:59:39 2003 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 012D537B401; Fri, 15 Aug 2003 12:59:39 -0700 (PDT) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F23643FAF; Fri, 15 Aug 2003 12:59:37 -0700 (PDT) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.9/8.12.9) with ESMTP id h7FJxVHo073996; Fri, 15 Aug 2003 20:59:31 +0100 (BST) (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost)h7FJxVKv073995; Fri, 15 Aug 2003 20:59:31 +0100 (BST) X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1])h7FJstOI004259; Fri, 15 Aug 2003 20:54:55 +0100 (BST) (envelope-from mark@grondar.org) From: Mark Murray Message-Id: <200308151954.h7FJstOI004259@grimreaper.grondar.org> To: Sam Leffler In-Reply-To: Your message of "Fri, 15 Aug 2003 12:17:46 PDT." <88549156.1060949866@melange.errno.com> Date: Fri, 15 Aug 2003 20:54:54 +0100 Sender: mark@grondar.org X-Spam-Status: No, hits=0.2 required=5.0 tests=EMAIL_ATTRIBUTION,FROM_NO_LOWER,IN_REP_TO, QUOTED_EMAIL_TEXT,REPLY_WITH_QUOTES version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/libkern arc4random.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Aug 2003 19:59:39 -0000 Sam Leffler writes: > > Having a /dev/random which is sometimes (chroot/jail) means that > > applications running under those circumstances are incredible fragile > > to spoofing by creating a fake "/dev/random" in some way. > > openbsd defined a sysctl to get data from arc4random. They use this as a > fallback if /dev/random or similar is not available. Applications that > wanted to be paranoid about spoofing could use this directly. I have not > compared the goodness of the data from /dev/random and arc4random. I am working on an openbsd-compatible sysctl. M -- Mark Murray iumop ap!sdn w,I idlaH