Subject: Re: arc4random(9)
To: None <tls@rek.tjls.com>
From: Perry E. Metzger <perry@wasabisystems.com>
List: tech-security
Date: 05/28/2002 15:55:31
Thor Lancelot Simon <tls@rek.tjls.com> writes:
> On Tue, May 28, 2002 at 06:23:05PM +0900, itojun@iijlab.net wrote:
> > 	i would really like to have arc4random(9) in libkern, both for
> > 	easy access to better random number source, as well as source code
> > 	compatibility with other *BSD (OpenBSD and FreeBSD already have one).
> > 	any objections/comments?
> 
> I'm concerned that we seem to be adding poorly-considered cryptographic
> APIs simply because other operating systems have done so.

I partially (but only partially) agree. I think burning the use of rc4
into the API is a mistake. We can simply have an API that puts out
random numbers of particular sorts, and the implementation of one of
them could (or might not be) rc4. Could we change this in that way?

As for removing use of rc4 itself, I'd agree it would be good, but I
think we should take a bit longer to decide on precisely what we want
done. Your proposal of the use of the X9.31 mechanism sounds like a
not-so-bad idea, but of course we would have to decide on details. I'd
prefer that we not condition fixing the API on fixing the
implementation -- the two should proceed independently...

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
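The API separation Perry argues for, as an added example that is not NetBSD code or part of this thread: the public entry points are named for the kind of number a caller wants, and the generator behind them is a table of function pointers. RC4 appears only as one backend (it is what arc4random historically wrapped) and can be replaced without touching callers. The names `krng_ops`, `krandom_*` and `rc4_ops` are hypothetical, and `krandom_uniform` is an assumed extension showing one "particular sort" of number, an unbiased draw from a range. The seed "Key" is a constructed test input, not a real entropy source.

```c
/*
 * Added example (not NetBSD code): a generator-neutral kernel-style random
 * API. Callers see krandom_uint32/krandom_buf/krandom_uniform; the
 * underlying generator is whatever struct krng_ops the kernel selects.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Backend interface: any keystream seeded from entropy. */
struct krng_ops {
    const char *name;
    void (*seed)(void *state, const uint8_t *key, size_t keylen);
    uint8_t (*next_byte)(void *state);
};

/* ---- Backend: RC4 keystream (hypothetical name rc4_ops) ---- */
struct rc4_state { uint8_t s[256]; uint8_t i, j; };

static void rc4_seed(void *st, const uint8_t *key, size_t keylen)
{
    struct rc4_state *r = st;
    for (int k = 0; k < 256; k++) r->s[k] = (uint8_t)k;
    if (keylen == 0) { r->i = r->j = 0; return; }   /* refuse to divide by zero */
    for (int k = 0, j = 0; k < 256; k++) {          /* key-scheduling algorithm */
        j = (j + r->s[k] + key[k % keylen]) & 0xff;
        uint8_t t = r->s[k]; r->s[k] = r->s[j]; r->s[j] = t;
    }
    r->i = r->j = 0;
}

static uint8_t rc4_next_byte(void *st)
{
    struct rc4_state *r = st;                       /* pseudo-random generation step */
    r->i = (uint8_t)(r->i + 1);
    r->j = (uint8_t)(r->j + r->s[r->i]);
    uint8_t t = r->s[r->i]; r->s[r->i] = r->s[r->j]; r->s[r->j] = t;
    return r->s[(uint8_t)(r->s[r->i] + r->s[r->j])];
}

static const struct krng_ops rc4_ops = { "rc4", rc4_seed, rc4_next_byte };

/* ---- Generator-neutral public API: nothing here mentions RC4 ---- */
struct krng { const struct krng_ops *ops; void *state; };

static void krandom_init(struct krng *g, const struct krng_ops *ops, void *state,
                         const uint8_t *seed, size_t seedlen)
{
    g->ops = ops;
    g->state = state;
    ops->seed(state, seed, seedlen);
}

static uint32_t krandom_uint32(struct krng *g)
{
    uint32_t v = 0;
    for (int k = 0; k < 4; k++) v = (v << 8) | g->ops->next_byte(g->state);
    return v;
}

static void krandom_buf(struct krng *g, uint8_t *buf, size_t len)
{
    for (size_t k = 0; k < len; k++) buf[k] = g->ops->next_byte(g->state);
}

/* Unbiased value in [0, upper): reject draws below 2^32 mod upper so the
 * accepted range is an exact multiple of upper (no modulo bias). */
static uint32_t krandom_uniform(struct krng *g, uint32_t upper)
{
    if (upper < 2) return 0;
    uint32_t min = (uint32_t)(-upper) % upper;   /* == 2^32 mod upper */
    uint32_t r;
    do { r = krandom_uint32(g); } while (r < min);
    return r % upper;
}

int main(void)
{
    struct rc4_state st;
    struct krng g;
    krandom_init(&g, &rc4_ops, &st, (const uint8_t *)"Key", 3);   /* constructed seed */
    printf("backend=%s uint32=%08x uniform(10)=%u\n",
           g.ops->name, krandom_uint32(&g), krandom_uniform(&g, 10));
    return 0;
}
```

Swapping generators means adding another `struct krng_ops` and changing the argument to `krandom_init`; no caller of `krandom_uint32` or `krandom_buf` learns which cipher is underneath, which is exactly what naming the function `arc4random` prevents.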