Subject: Re: replace kernel random number function
To: None <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 10/22/2000 11:56:44
In message <20001020230203.097CB7E46@starfruit.itojun.org>, Jun-ichiro itojun H
> i plan to replace kernel random(9) with libc random(3) code,
> or arc4random. any comments?
> current random(9) is too weak, and allows security threat like we saw
> with TCP ISS guessing. libc random(3) code looks enough strong for
> polinomial random number generator.
Where will you get the seeds? That's the really hard part.
arc4 (as a cipher) is not (quite) as random as one would like, in a
cryptographic sense, though it's probably adequate for your purposes.
The right thing to do would be to port yarrow (see www.counterpane.com,
though I don't have the link available just now and I'm offline when
writing this). Unfortunately, it's filled with lots of DLL-ish things.