Subject: Re: replace kernel random number function
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-kern
Date: 10/22/2000 22:58:19
>>>>> "Hubert" == Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de> writes:
    Hubert> On Sat, 21 Oct 2000, Jun-ichiro itojun Hagino wrote:
    >> i plan to replace kernel random(9) with libc random(3) code,
    >> or arc4random.  any comments?
    >> 
    >> current random(9) is too weak, and allows security threats like we saw
    >> with TCP ISS guessing.   libc random(3) code looks strong enough for a
    >> polynomial random number generator.

    Hubert> Will that give us random(3) -> random(2)?

  It might be nice for applications that want randomness to get it via a
system call rather than via /dev/urandom, but I'm not sure that a system call is
better than a device.

  It does have the advantage that there is an additional element of
non-determinism due to multiple users of the stream.

  It could give us non_deterministically_pseudo_random(2), but random(3),
while a PRNG, is deterministic given the same seed. This is pretty important
when debugging applications, and in the case of some simulations and
Monte Carlo type processes, for being able to repeat the results.

   :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |          now at 1575 Carling Avenue... 
 Personal: mcr@sandelman.ottawa.on.ca. PGP key available.
 Corporate: mcr@solidum.com.
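The contrast Michael draws, shown as an added illustration that is not code from the thread or from NetBSD: a per-process random(3)-style generator reproduces its sequence from the seed alone, whereas a single shared stream (standing in for a kernel-side source with many callers) gives each consumer values that depend on how the other consumers' requests interleave. The interleaving pattern strings and user names A/B are constructed for the example; libc srandom(3)/random(3) supply the generator.

```c
/* Added example, not from the thread: deterministic per-process PRNG vs.
 * one stream shared between several consumers.  Uses libc random(3). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXVALS 16

/* Reseed and draw n values: the same seed always yields the same sequence. */
void draw_sequence(unsigned seed, long *out, int n)
{
    srandom(seed);
    for (int i = 0; i < n; i++)
        out[i] = random();
}

/* One stream seeded once, consumed by two users A and B in the order given
 * by pattern (constructed, e.g. "AABAB").  A's values go to out_a; returns
 * how many A received.  Every call advances the same shared state, so A's
 * view depends on B's interleaving, not only on the seed. */
int shared_stream_user_a(unsigned seed, const char *pattern, long *out_a)
{
    int na = 0;
    srandom(seed);
    for (const char *p = pattern; *p; p++) {
        long v = random();
        if (*p == 'A' && na < MAXVALS)
            out_a[na++] = v;
    }
    return na;
}

/* 1 if the two arrays of length n hold identical values, else 0. */
int same_sequence(const long *x, const long *y, int n)
{
    return memcmp(x, y, n * sizeof(long)) == 0;
}

int main(void)
{
    long r1[MAXVALS], r2[MAXVALS], a1[MAXVALS], a2[MAXVALS];
    draw_sequence(42, r1, 8);
    draw_sequence(42, r2, 8);
    printf("per-process PRNG, seed 42 twice: %s\n",
           same_sequence(r1, r2, 8) ? "identical" : "different");
    shared_stream_user_a(42, "AAAA", a1);      /* A alone on the stream */
    shared_stream_user_a(42, "ABABABA", a2);   /* B interleaved with A */
    printf("shared stream, A's first 4 values: %s\n",
           same_sequence(a1, a2, 4) ? "identical" : "different");
    return 0;
}
```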