Subject: Re: random()
To: None <>
From: Steven M. Bellovin <>
List: tech-security
Date: 09/05/2003 20:56:44
In message <>, Thor Lancelot Simon writes:
>On Sat, Sep 06, 2003 at 07:48:15AM +0900, Jun-ichiro itojun Hagino wrote:
>> perry:
>> > Then perhaps we should remove random(9) before it causes more trouble,
>> > or at least disable building it for now.
>> 	if there's no special reason for using random(9), could you please
>> 	replace them with arc4random()? (mask it with INT32_MAX if you don't
>> 	want the top bit set)
>> 	or we could do following in sys/lib/libkern/random.c:
>> u_long
>> random()
>> {
>> 	return arc4random() & INT32_MAX;
>Unfortunately, this won't work.  The profiling code requires that random()'s
>output be uniform on [0, 2^31 -1 ].  I'm pretty sure RC4 output does not 
>have this property.

It's pretty good but not perfect.  I suspect that it's good enough for 
profiling.  It would help to discard the first bytes generated by each 
new key -- at least 16 bytes, probably 256 or even 512.

		--Steve Bellovin,