Subject: Re: add rnd(4) to install floppy
To: None <>
From: Jun-ichiro itojun Hagino <>
List: tech-security
Date: 09/06/2003 05:28:40
> On Fri, Sep 05, 2003 at 10:29:56PM +0900, wrote:
> > >Or just install a small cheap cryptographically secure random number
> > >generator into the kernel, and access it though a cheap interface.
> > 
> > 	do you have such code/algorithm?  any references?  if so, we can just
> > 	put that into the kernel and let arc4random() pick randomness out of it
> > 	via sysctl (it already does it now when /dev/urandom is not available).
> > 	no change in userland required.
> Throw out the bathwater and the keep the baby?
> Just put arc4random in the kernel, make the the C library code grab
> the data from the kernel with a sysctl.
> In the kernel everytime you have an event that might, even plausably, be
> random, take the data byte XOR the low bits of the fastest counter you
> have and stir the generator once.

> Run the same code during the boot process (to get randomness from the
> disk reads) and shrink to 64bits (to avoid passing too much junk into the
> kernel) to get some boot time noise [1].

	that is what exactly rnd(4) is doing!