From: Mark Murray <mark@grondar.org>
To: Sam Leffler
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Fri, 15 Aug 2003 20:59:10 +0100
Subject: Re: cvs commit: src/sys/libkern arc4random.c
Message-Id: <200308151959.h7FJxBOI004295@grimreaper.grondar.org>
In-Reply-To: <88806006.1060950123@melange.errno.com>

Sam Leffler writes:
> > For the paranoids, this is cheap (almost free), and is solid from an
> > arcfour-neurotic perspective.
>
> I am not arguing for Mike to remove his change. I am noting that making
> changes to critical system components w/o review and/or testing is
> dangerous. Going forward we should have some tools for validating changes
> like this. If the output of arc4random is available through a sysctl or
> similar then it could be a tool that sits in /usr/src/tools/tools.
> Otherwise it would be good to create a test module or similar to shunt
> arc4random data through rndtest.

Tools can't test what we need tested here. Tools can test for varying
degrees of statistical randomness, but _cryptographic_ randomness (which
equates to "unpredictable by an observer") is harder. The best we can
really do is attack it using cryptographic methodology, which at its
lowest level is code review.

At that level, I have looked at the code, and plan to look at it some more.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
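The distinction drawn above, statistical randomness versus unpredictability, illustrated by an added example that is not part of this thread or of FreeBSD's arc4random.c: a small pure-Python RC4 (arcfour) keystream generator under a fixed, constructed key passes a monobit test and a byte-frequency chi-square test, yet anyone holding the key regenerates the identical stream. The key, sample size and pass thresholds are arbitrary assumptions made for the demonstration.

```python
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 (arcfour) keystream for key: KSA then PRGA."""
    S = list(range(256))
    j = 0
    for i in range(256):                        # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def monobit_z(data: bytes) -> float:
    """z-score of the number of 1 bits against the expected half."""
    ones = sum(bin(b).count("1") for b in data)
    nbits = 8 * len(data)
    return (ones - nbits / 2) / (math.sqrt(nbits) / 2)


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of the 256 byte-value counts (255 d.f.)."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def looks_statistically_random(data: bytes) -> bool:
    """Assumed, generous cut-offs: |z| < 4 and chi2 < 360 (about 4.6 sd)."""
    return abs(monobit_z(data)) < 4.0 and byte_chi_square(data) < 360.0


def demo(key: bytes = b"constructed demo key", n: int = 1 << 16) -> dict:
    """Statistical tests pass, yet the stream is fully reproducible."""
    ks = rc4_keystream(key, n)
    return {
        "passes_statistical_tests": looks_statistically_random(ks),
        # whoever knows the key (the generator's state) predicts every byte
        "reproducible_from_key": rc4_keystream(key, n) == ks,
    }
```

The second result is the point of the message: a statistical tool reports the stream as random, while the property that matters, unpredictability to an observer, depends on the secrecy of the state and can only be judged by reviewing how that state is seeded and handled.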