Source-Changes archive


Re: CVS commit: src/sbin/newfs



David Laight <david%l8s.co.uk@localhost> writes:
> > > Maybe arc4random() could be used instead?
> > 
> > I'm not a huge believer in arc4random(), but it would be a strict (and
> > indeed substantial) improvement over a linear congruential generator,
> > yes. I would suggest making the alteration, and in the longer run we
> > should discuss improved algorithms.
> 
> Actually random() isn't a 'linear congruential generator', it is
> an 'Additive generator'. But to quote Schneier:
>     Additive generators (sometimes called lagged Fibonacci generators) are
>     extremely efficient because they produce random words instead of random
>     bits.  They are not secure on their own, but can be used as building
>     blocks for secure generators.

I don't think random() is in any case secure, or could be made secure
easily.

> The RC4 based random sequence generator is probably secure, given
> unknown key state.  RC4 itself is trademarked, so an implementation
> has to call itself something else.

Ours calls itself "arc4", which is not a trademark.

-- 
Perry E. Metzger                perry%piermont.com@localhost
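The Schneier passage quoted above (additive generators emit whole words and are not secure on their own) can be shown concretely. The following is an added illustration, not code from NetBSD or from anyone in this thread: a toy additive generator with the classic (31, 3) lags, and an observer that, having seen 31 consecutive output words, computes the next one exactly. The lags, the seeding routine and all sample values are constructed for the demonstration; the block does not reproduce NetBSD's random() and is only meant to show why a generator whose output is its own state cannot be a secure source on its own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy additive (lagged Fibonacci) generator: x[i] = x[i-31] + x[i-3] mod 2^32.
 * The lags (31, 3) are an illustrative choice; this is not NetBSD's random(). */
#define LAG_LONG  31
#define LAG_SHORT  3

struct addgen {
    uint32_t state[LAG_LONG]; /* ring buffer holding the last 31 words */
    size_t pos;               /* index of the oldest word, x[i-31] */
};

/* Fill the table deterministically (constructed seeding, for an offline demo). */
static void addgen_seed(struct addgen *g, uint32_t seed) {
    for (size_t i = 0; i < LAG_LONG; i++) {
        seed = seed * 1103515245u + 12345u;
        g->state[i] = seed;
    }
    g->pos = 0;
}

/* Emit the next word. The whole word becomes part of the state, so every
 * output reveals one state word to whoever can observe it. */
static uint32_t addgen_next(struct addgen *g) {
    size_t i_long  = g->pos;                                   /* x[i-31] */
    size_t i_short = (g->pos + LAG_LONG - LAG_SHORT) % LAG_LONG; /* x[i-3]  */
    uint32_t out = g->state[i_long] + g->state[i_short];        /* wraps mod 2^32 */
    g->state[i_long] = out;
    g->pos = (g->pos + 1) % LAG_LONG;
    return out;
}

/* Observer's side: given the last 31 outputs (oldest first), the next output
 * is just out[n-31] + out[n-3]. No key, no hidden state, nothing to guess. */
static uint32_t addgen_predict(const uint32_t seen[LAG_LONG]) {
    return seen[0] + seen[LAG_LONG - LAG_SHORT];
}

/* Run the generator, let an observer watch 31 words, then count how many of
 * the next `trials` outputs the observer predicts exactly. */
static int count_correct_predictions(uint32_t seed, int trials) {
    struct addgen g;
    uint32_t window[LAG_LONG];
    int correct = 0;

    addgen_seed(&g, seed);
    for (size_t i = 0; i < LAG_LONG; i++)
        window[i] = addgen_next(&g);

    for (int t = 0; t < trials; t++) {
        uint32_t guess  = addgen_predict(window);
        uint32_t actual = addgen_next(&g);
        if (guess == actual)
            correct++;
        /* slide the observation window forward by one word */
        for (size_t i = 1; i < LAG_LONG; i++)
            window[i - 1] = window[i];
        window[LAG_LONG - 1] = actual;
    }
    return correct;
}

int main(void) {
    int trials = 1000;
    int ok = count_correct_predictions(0xC0FFEEu, trials);
    printf("observer predicted %d of %d outputs exactly\n", ok, trials);
    return ok == trials ? 0 : 1;
}
```

The point of the last function is the ratio: with the raw word stream exposed, the observer is right every time, which is what "not secure on their own" means in practice. A generator that only leaks a truncated or hashed function of its state (the "building block" role Schneier mentions, or the keyed state of an arc4-style stream) does not have this property, which is why the arc4random() suggestion in the thread is the right direction.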
