Subject: Re: replace kernel random number function
To: None <itojun@iijlab.net>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 10/23/2000 08:10:47
  by mail.netbsd.org with SMTP; 23 Oct 2000 12:06:05 -0000
	by mail-green.research.att.com (Postfix) with ESMTP
	id 09E0F1E056; Mon, 23 Oct 2000 08:05:56 -0400 (EDT)
	by postal.research.att.com (8.8.7/8.8.7) with ESMTP id IAA14796;
	Mon, 23 Oct 2000 08:05:55 -0400 (EDT)
	by smb.research.att.com (Postfix) with ESMTP
	id E3FA535DC2; Mon, 23 Oct 2000 08:10:47 -0400 (EDT)
From: "Steven M. Bellovin" <smb@research.att.com>
To: itojun@iijlab.net
Cc: tech-security@netbsd.org, tech-kern@netbsd.org
Subject: Re: replace kernel random number function 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 23 Oct 2000 08:10:47 -0400
Message-Id: <20001023121048.E3FA535DC2@smb.research.att.com>

In message <7475.972260746@coconut.itojun.org>, itojun@iijlab.net writes:
>
>>Where will you get the seeds?  That's the really hard part.
>
>	i thought of reseeding by rnd(4) random number device, like
>	every N seconds.
>
>>The right thing to do would be to port yarrow (see www.counterpane.com, 
>>though I don't have the link available just now and I'm offline when 
>>writing this).  Unfortunately, it's filled with lots of DLL-ish things.
>
>	hmm, i'm sure we can strip DLL-ish part off.

The point of yarrow is to do that reseeding in a cryptographically 
sound way.  (I'd frankly rather it ran in user space, of course.)

		--Steve Bellovin