Subject: Re: replace kernel random number function
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 10/22/2000 22:58:19
Message-Id: <200010230258.e9N2wJ202043@marajade.sandelman.ottawa.on.ca>
cc: tech-security@netbsd.org, tech-kern@netbsd.org
In-reply-to: Your message of "Sun, 22 Oct 2000 17:13:03 +0200."
             <Pine.GSO.4.21.0010221712390.26027-100000@rfhpc8320.fh-regensburg.de> 


>>>>> "Hubert" == Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de> writes:
    Hubert> On Sat, 21 Oct 2000, Jun-ichiro itojun Hagino wrote:
    >> i plan to replace kernel random(9) with libc random(3) code,
    >> or arc4random.  any comments?
    >> 
    >> current random(9) is too weak, and allows security threats like we saw
    >> with TCP ISS guessing.   libc random(3) code looks strong enough for a
    >> polynomial random number generator.

    Hubert> Will that give us random(3) -> random(2)?

  It might be nice for applications that want randomness to get it via a
system call rather than via /dev/urandom, but I'm not sure that a system call
is better than a device.

  It does have the advantage that there is an additional element of
non-determinism due to multiple users of the stream.

  It could give us non_deterministically_pseudo_random(2), but random(3),
while a PRNG, is deterministic given the same seed. This is pretty important
when debugging applications, and in the case of some simulations and
Monte Carlo type processes, for being able to repeat the results.

   :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |          now at 1575 Carling Avenue... 
 Personal: mcr@sandelman.ottawa.on.ca. PGP key available.
 Corporate: mcr@solidum.com.
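The determinism the author describes, as an added example that is not part of the thread: random(3) seeded with srandom(3) replays the same Monte Carlo estimate bit-for-bit, which is what makes it useful for debugging and repeatable simulations, and also why its output stream is fully determined by the seed. It assumes only a POSIX C library.

```c
/* Added example (not from the thread): random(3) is a PRNG, so the same
 * seed yields the same stream, and a Monte Carlo run can be repeated exactly. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>

#define RANDOM_MAX 2147483647.0   /* POSIX: random() returns 0 .. 2^31-1 */

/* Estimate pi by sampling points in the unit square with random(3).
 * Same seed + same n => identical estimate on every run. */
double monte_carlo_pi(unsigned int seed, long n)
{
    long inside = 0;
    srandom(seed);                      /* deterministic reseed */
    for (long i = 0; i < n; i++) {
        double x = (double)random() / RANDOM_MAX;
        double y = (double)random() / RANDOM_MAX;
        if (x * x + y * y <= 1.0)
            inside++;
    }
    return 4.0 * (double)inside / (double)n;
}

/* Reproducibility check: two independent runs with the same seed must agree
 * exactly (not just approximately), which is what makes a bug repeatable. */
int reproducible(unsigned int seed, long n)
{
    return monte_carlo_pi(seed, n) == monte_carlo_pi(seed, n);
}

/* The flip side for security: the whole stream is a function of the seed,
 * so a guessable seed means a guessable stream. Here we only show that
 * different seeds produce different streams (compares up to 32 outputs). */
int streams_differ(unsigned int a, unsigned int b, int len)
{
    long sa[32], sb[32];
    if (len > 32) len = 32;
    srandom(a); for (int i = 0; i < len; i++) sa[i] = random();
    srandom(b); for (int i = 0; i < len; i++) sb[i] = random();
    for (int i = 0; i < len; i++) if (sa[i] != sb[i]) return 1;
    return 0;
}

int main(void)
{
    printf("pi ~ %f, reproducible=%d\n",
           monte_carlo_pi(1, 200000), reproducible(1, 200000));
    return 0;
}
```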