Subject: Re: IP layer security
To: Adam Glass <glass@NetBSD.ORG>
From: Greg Hudson <ghudson@MIT.EDU>
List: tech-net
Date: 01/28/1995 19:13:36
Adam Glass writes:
> I really don't think random number functionality should appear in
> the kernel.  I don't see any reason why this should be a kernel
> service.

There isn't anywhere else to put it.  We're not talking about
pseudo-random number generation; truly random numbers have to come
from the kernel, coming either from an external random number
generator device or from interrupt statistics.  You can argue that
random number functionality should not exist, but the argument "it
doesn't belong in the kernel" doesn't apply.

I'm not sure whether interrupt statistics are necessarily good enough
for IP-layer security, which might demand an awful lot of random data.
I also have my doubts about just how random they are (whether you can
bias them by sending a stream of packets at the machine, for instance,
or guess at them in various ways), but that's probably

> fyi: the driver you refer to is GPLed to my knowledge and thus would
> never appear in the kernel as distributed from us.

Ted T'so (my nominal supervisor at work) may or may not be willing to
release the driver under a Berkeley-style copyright.  I can ask him,
since he's probably not on this list.