Subject: Re: System clock resolution and random numbers
To: Greg Troxel <gdt@bbn.com>
From: Rick Byers <rickb@iaw.on.ca>
List: current-users
Date: 05/01/1997 09:46:13

On Thu, 1 May 1997, Greg Troxel wrote:

> You didn't say what your application is, but since you mentioned not
> being able to find things out without root access, it sounds like it
> might be cryptography.  In that case I'd advise you to stay away from
> gettimeofday as your sole source of randomness.

I don't want to describe exactly what it is in public e-mail (because even
'the bad guys' have access to this list), but I guess it's sort of like
cryptography.  Currently I'm XORing a number of values, including tv_usec
when the program starts, and after a user-input prompt (user response time
is pretty unpredictable).  I'm thinking I'm going to need to keep a
datafile with a seed component in it and make the program setuid, but I
don't know if it's worth all that - I really don't think anyone will
attempt to crack it, but I don't want to take any chances, I only feel
safe when I know I myself can't abuse a program I wrote.

> You also didn't say what port you are using, or whether you wish to
> write portable code; there is no reason to expect all ports to behave
> the same way, since the underlying hardware facilities will differ.

I'm using i386, and no, it doesn't need to be portable at all.  Even if
there is some pseudo-random value that I could grab out of memory.

Thanks,
	Rick

=========================================================================
Rick Byers                                      Internet Access Worldwide
rickb@iaw.on.ca                                      System Administrator
Welland, Ontario, Canada                                    (905)714-1400
http://www.iaw.on.ca/rickb/                         http://www.iaw.on.ca/
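
The following is an added example, not part of the original message or of any NetBSD code. It sizes the seed space of the scheme discussed above (two `tv_usec` samples XORed together) and measures the step between `gettimeofday()` readings on the machine it runs on. The function names are hypothetical and the 10000 usec tick is an assumed 100 Hz clock, not a measured NetBSD/i386 value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>

#define USEC_RANGE 1000000L   /* tv_usec is always in 0..999999, below 2^20 */

/* The combination described in the message: XOR of two tv_usec samples. */
unsigned long seed_from_usec(long start_usec, long prompt_usec) {
    return (unsigned long)start_usec ^ (unsigned long)prompt_usec;
}

/* Smallest positive step seen between gettimeofday() readings, in usec. */
long observed_tick_usec(int changes_wanted) {
    struct timeval prev, now;
    long best = USEC_RANGE;   /* returned unchanged if the clock never moves */
    gettimeofday(&prev, NULL);
    for (long i = 0; i < 100000000L && changes_wanted > 0; i++) {
        gettimeofday(&now, NULL);
        long d = (now.tv_sec - prev.tv_sec) * USEC_RANGE
               + (now.tv_usec - prev.tv_usec);
        if (d > 0) {          /* ignore repeats and backward steps */
            if (d < best) best = d;
            changes_wanted--;
            prev = now;
        }
    }
    return best;
}

/* Exact number of distinct seeds when tv_usec only moves in steps of tick. */
long distinct_seeds(long tick) {
    unsigned char *seen = calloc(1UL << 20, 1);   /* every XOR is < 2^20 */
    long count = 0;
    if (seen == NULL || tick <= 0) { free(seen); return -1; }
    for (long a = 0; a < USEC_RANGE; a += tick)
        for (long b = a; b < USEC_RANGE; b += tick) {  /* XOR is symmetric */
            unsigned long s = seed_from_usec(a, b);
            if (!seen[s]) { seen[s] = 1; count++; }
        }
    free(seen);
    return count;
}

int main(void) {
    long assumed_tick = 10000;   /* assumption: 100 Hz clock, constructed value */
    printf("observed gettimeofday step here: %ld usec\n", observed_tick_usec(50));
    printf("distinct seeds at %ld usec tick: %ld (ceiling is 2^20 = %lu)\n",
           assumed_tick, distinct_seeds(assumed_tick), 1UL << 20);
    return 0;
}
```

However many `tv_usec` samples are XORed, the result stays below 2^20, and a coarse clock shrinks the set of reachable seeds well under that ceiling.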