Subject: Re: arc4random(9)
To: None <email@example.com>
From: Perry E. Metzger <firstname.lastname@example.org>
Date: 05/29/2002 10:15:56
Thor Lancelot Simon <email@example.com> writes:
> On Tue, May 28, 2002 at 08:23:31PM -0400, Perry E. Metzger wrote:
> > I agree modulo one thing: RC4 is actually more or less as fast as
> > random() once initialized, so there is no real point in using random()
> > -- an RC4 based generator would actually work better and produce much
> > nicer data for things like monte carlo generators.
> Well, then, let's just call it "random()".
Yup -- modulo the fact that I think (I may be mistaken) that Posix may
specify the algorithm.
> We should still rip out the current /dev/urandom interface and replace
> it with one of the two generators specified by the relevant standards;
> even the standard's SHA1-based generator really is no _worse_, and the
> block-cipher generator is in many ways better.
Agreed. (Though I would prefer AES to 3DES by a lot.)
> Yarrow would be a nice idea, but unfortunately the standards in question
> are quite strict, many people building products with NetBSD are _forced_
> to strictly conform to them, and neither one permits Yarrow. The X9.31
> generator, perhaps hooked to an API that lets you choose the block cipher
> used, is probably the best bet.
Perry E. Metzger firstname.lastname@example.org
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/