Subject: Re: arc4random(9)
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-kern
Date: 05/28/2002 15:55:06
On Tue, May 28, 2002 at 06:44:44PM -0400, Thor Lancelot Simon wrote:

 > What does "better than random() but not as good as /dev/urandom" *mean*?
 > Does it mean "not a linear congruential generator, but not cryptographically
 > strong"?  Or is it simply "more expensive than random() and hopefully less
 > predictable", or, well, something else?

The point of arc4random() is that it is "better" (in the sense that it's
not as predictable, etc.) than traditional random(), yet is much faster
than a generator which is cryptographically strong.

It's fine for things like sequence numbers, pids, the SYN cache hash secret,
whatever, where you don't need strong random numbers, just "pretty random"
numbers.

It is certainly not fine for e.g. a CBC IV.

You want to have multiple interfaces:

	- traditional random(), which can be used for reproducing results.

	- fast-and-pretty-good generator for things which don't need
	  cryptographically strong random numbers, just "pretty good"
	  ones.

	- cryptographically strong generator for cases where you need it.

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>
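The three-tier split Thorpe proposes above, sketched as an added example (not NetBSD's code and not from this thread): a seedable LCG stands in for the reproducible random(), an RC4 keystream stands in for the "fast and pretty good" arc4random() (the original BSD implementation was RC4-based; the rekeying and early-byte discard it performed are omitted here), and the strong tier reads the kernel's /dev/urandom. The LCG constants, the struct and function names, and the RC4 known-answer key "Key" are assumptions of this example. Note that RC4's keystream, especially its first bytes, has known statistical biases, which is the kind of property that makes this tier unsuitable for a CBC IV as the message states.

```c
/* Added example: three generator tiers. None of this is NetBSD's code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>

/* Tier 1: seedable, reproducible generator (stand-in for random()).
 * Constants are the classic ANSI C sample LCG; an assumption of this example. */
typedef struct { uint32_t state; } lcg_t;

void lcg_seed(lcg_t *g, uint32_t seed) { g->state = seed; }

uint32_t lcg_next(lcg_t *g) {
    g->state = g->state * 1103515245u + 12345u;
    return (g->state >> 16) & 0x7fffu;   /* 15 output bits, like old rand() */
}

/* Tier 2: RC4 keystream generator (a model of the classic arc4random() core). */
typedef struct { uint8_t s[256]; uint8_t i, j; } arc4_t;

void arc4_init(arc4_t *c, const uint8_t *key, size_t keylen) {
    for (int k = 0; k < 256; k++) c->s[k] = (uint8_t)k;
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) {            /* key-scheduling algorithm */
        j = (uint8_t)(j + c->s[k] + key[k % keylen]);
        uint8_t t = c->s[k]; c->s[k] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

uint8_t arc4_byte(arc4_t *c) {                 /* pseudo-random generation step */
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->s[c->i]);
    uint8_t t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

uint32_t arc4_u32(arc4_t *c) {
    uint32_t v = 0;
    for (int k = 0; k < 4; k++) v = (v << 8) | arc4_byte(c);
    return v;
}

/* Tier 3: kernel CSPRNG via /dev/urandom. Returns bytes read, or -1 on error. */
ssize_t strong_random_bytes(uint8_t *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return (ssize_t)got;
}

/* Reproducibility property of tier 1: same seed, same sequence. */
int lcg_is_reproducible(uint32_t seed, int n) {
    lcg_t a, b;
    lcg_seed(&a, seed);
    lcg_seed(&b, seed);
    for (int k = 0; k < n; k++)
        if (lcg_next(&a) != lcg_next(&b)) return 0;
    return 1;
}

/* Known-answer check for the RC4 core: key "Key" yields keystream EB 9F 77 81 ... */
int arc4_matches_known_answer(void) {
    static const uint8_t expect[10] =
        {0xEB,0x9F,0x77,0x81,0xB7,0x34,0xCA,0x72,0xA7,0x19};
    arc4_t c;
    arc4_init(&c, (const uint8_t *)"Key", 3);
    for (int k = 0; k < 10; k++)
        if (arc4_byte(&c) != expect[k]) return 0;
    return 1;
}

int main(void) {
    lcg_t g; lcg_seed(&g, 1);
    printf("reproducible: %u\n", lcg_next(&g));
    arc4_t c; arc4_init(&c, (const uint8_t *)"Key", 3);
    printf("fast/pretty-good: %08x (RC4 KAT ok=%d)\n", arc4_u32(&c), arc4_matches_known_answer());
    uint8_t b[4];
    if (strong_random_bytes(b, sizeof b) == (ssize_t)sizeof b)
        printf("strong: %02x%02x%02x%02x\n", b[0], b[1], b[2], b[3]);
    return 0;
}
```

Which tier a caller should use follows the message's rule of thumb: tier 1 when a run must be replayable, tier 2 for identifiers that only need to be hard to guess cheaply, tier 3 for anything a cipher or protocol depends on.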