Subject: Re: replace kernel random number function
To: None <>
From: Steven M. Bellovin <>
List: tech-kern
Date: 10/22/2000 11:56:44

In message <>, Jun-ichiro itojun Hagino writes:
>	i plan to replace kernel random(9) with libc random(3) code,
>	or arc4random.  any comments?
>	current random(9) is too weak, and allows security threats like we saw
>	with TCP ISS guessing.  libc random(3) code looks strong enough for
>	a polynomial random number generator.

Where will you get the seeds?  That's the really hard part.

arc4 (as a cipher) is not (quite) as random as one would like, in a 
cryptographic sense, though it's probably adequate for your purposes.

The right thing to do would be to port yarrow (see, 
though I don't have the link available just now and I'm offline when 
writing this).  Unfortunately, it's filled with lots of DLL-ish things.

		--Steve Bellovin