Subject: Re: arc4random(9)
To: Jason R Thorpe <thorpej@wasabisystems.com>
From: None <xs@kittenz.org>
List: tech-kern
Date: 05/28/2002 21:52:21
on Tue, May 28, 2002 at 01:06:33PM -0700, Jason R Thorpe wrote:
> We should have a good API for which arc4random() can be a crappy-api-wrapper
> (not only is the name stupid, but how it returns data is also stupid; it
> should just put a pseudo-random data stream into a caller-provided buffer,
> rather than returning a 32-bit value).

What about RAND_bytes(3), etc as provided by openssl? I don't like the naming
convention (nor that "num" is an int.)

The secure programming howto, suggests Yarrow as a good cryptographically
strong PRNG, and also points to the informational RFC 1750.
(<http://www.tldp.org/HOWTO/Secure-Programs-HOWTO/index.html>)