Source-Changes-D archive


Re: CVS commit: src/lib/libc



On Mon, Jun 23, 2014 at 07:46:15PM +0000, Taylor R Campbell wrote:
 >    instead? (And can a reference to this be stuffed into the man page?)
 > 
 > Read from /dev/urandom.

...ugh. Can we provide a wrapper around this for transparent casual
use? (Even if it's in libutil and marked not for general consumption?)
Having to open-code the logic every time is really not conducive to
doing things right, and in most arbitrary programs linking with some
crypto lib to start up specific alternative stream ciphers (which will
likely go out of date before the next time someone touches the code
again) would be entirely inappropriate.

There is a reason they came up with and deployed arc4random(), even
though hardwiring it by name to a particular cipher was silly.

 > Or it may be worthwhile to mostly keep the way arc4random(3) works but
 > replace the PRNG, as in the first reimplementation of arc4random(3)
 > above, but rename it.

yes please

 > With either of the later two cases, perhaps we
 > ought to just coopt random(3) for the purpose.

no please (random(3) is not expected to be cryptographically strong,
so code that assumes it is becomes unportable in a subtle and
dangerous way)

Also I think there's code out there that saves and restores the
random(3) state and expects to get repeatable results.

-- 
David A. Holland
dholland%netbsd.org@localhost
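
The wrapper asked for above, as an added example that is not part of the thread and not NetBSD's libc or libutil code: it reads /dev/urandom the way open-coded callers usually fail to (short reads, EINTR, close-on-exec, errno preserved across close(2)) and layers an arc4random_uniform(3)-style rejection sampler on top. The names urandom_fill and urandom_uniform are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>

/* Fill buf from /dev/urandom: 0 on success, -1 with errno set.  Handles short
 * reads, EINTR and exec leakage of the fd.  Hypothetical, not a libc API. */
int urandom_fill(void *buf, size_t len)
{
	unsigned char *p = buf;
	int saved, fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);

	if (fd == -1)
		return -1;
	while (len > 0) {
		ssize_t n = read(fd, p, len);
		if (n == -1 && errno == EINTR)
			continue;
		if (n <= 0) {	/* error, or an EOF that urandom never gives */
			saved = (n == 0) ? EIO : errno;
			(void)close(fd);
			errno = saved;	/* close(2) must not clobber the cause */
			return -1;
		}
		p += n;
		len -= (size_t)n;
	}
	(void)close(fd);
	return 0;
}

/* Uniform value in [0, upper) with no modulo bias, arc4random_uniform(3)
 * style: draws below 2^32 mod upper are rejected.  Unlike the libc call
 * this can fail, so the value goes to *out and the return reports success. */
int urandom_uniform(uint32_t upper, uint32_t *out)
{
	uint32_t r, min;
	if (upper < 2) { *out = 0; return 0; }
	min = -upper % upper;	/* 2^32 % upper without 64-bit arithmetic */
	for (;;) {
		if (urandom_fill(&r, sizeof r) == -1)
			return -1;
		if (r >= min) {
			*out = r % upper;
			return 0;
		}
	}
}
```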
