Subject: Re: random()
To: None <tls@rek.tjls.com>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 09/05/2003 20:56:44
In message <20030905231416.GA25630@rek.tjls.com>, Thor Lancelot Simon writes:
>On Sat, Sep 06, 2003 at 07:48:15AM +0900, Jun-ichiro itojun Hagino wrote:
>> perry:
>> > Then perhaps we should remove random(9) before it causes more trouble,
>> > or at least disable building it for now.
>>
>> if there's no special reason for using random(9), could you please
>> replace them with arc4random()? (mask it with INT32_MAX if you don't
>> want the top bit set)
>>
>> or we could do following in sys/lib/libkern/random.c:
>>
>> u_long
>> random()
>> {
>> return arc4random() & INT32_MAX;
>> }
>
>Unfortunately, this won't work. The profiling code requires that random()'s
>output be uniform on [0, 2^31 - 1]. I'm pretty sure RC4 output does not
>have this property.
It's pretty good but not perfect. I suspect that it's good enough for
profiling. It would help to discard the first bytes generated by each
new key -- at least 16 bytes, probably 256 or even 512.
--Steve Bellovin, http://www.research.att.com/~smb
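Added example, not code from this thread or from NetBSD's sys/lib/libkern: a standalone RC4 keystream generator, the arc4random()-masked-with-INT32_MAX wrapper itojun sketched, and a measurement that shows what "pretty good but not perfect" means in practice. The thread only states that arc4random() is RC4-based; the bias measured here (RC4's second output byte is zero about twice as often as it should be) is a published property of RC4 and goes a step beyond the text, which is why discarding the first bytes after each rekey helps. The xorshift key generator, the 16-byte key size, the fixed seed and the sample sizes are all constructed for this demo.

```c
/*
 * Standalone demo (added example, not the thread's or NetBSD's code):
 * RC4 keystream, a random(9)-style 31-bit wrapper over it, and a count of
 * how often the first byte read after `discard` bytes is zero across many
 * fresh keys. Key generator, key length, seed and sample sizes are constructed.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t s[256];
    uint8_t i, j;
} rc4_ctx;

/* Key scheduling: permute S under the key. */
static void rc4_init(rc4_ctx *c, const uint8_t *key, size_t keylen)
{
    unsigned k, j = 0;
    for (k = 0; k < 256; k++)
        c->s[k] = (uint8_t)k;
    for (k = 0; k < 256; k++) {
        uint8_t t;
        j = (j + c->s[k] + key[k % keylen]) & 0xff;
        t = c->s[k]; c->s[k] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

/* One keystream byte (PRGA step). */
static uint8_t rc4_byte(rc4_ctx *c)
{
    uint8_t t;
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->s[c->i]);
    t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

/* Throw away n keystream bytes after keying (the thread's recommendation). */
static void rc4_discard(rc4_ctx *c, size_t n)
{
    while (n-- > 0)
        (void)rc4_byte(c);
}

/* The replacement sketched in the thread: 32 bits of keystream with the top
 * bit masked off, so the result lies in [0, INT32_MAX] like random(9)'s. */
static uint32_t rc4_random31(rc4_ctx *c)
{
    uint32_t v = 0;
    int k;
    for (k = 0; k < 4; k++)
        v = (v << 8) | rc4_byte(c);
    return v & 0x7fffffffu;   /* INT32_MAX */
}

/* Constructed key source (xorshift64) so the run is deterministic. */
static uint64_t next_u64(uint64_t *st)
{
    uint64_t x = *st;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *st = x;
}

/*
 * Over `nkeys` fresh 16-byte keys, count how often the first byte emitted
 * after `discard` bytes is zero. With discard == 1 that byte is RC4's second
 * output, which is zero with probability about 2/256 rather than 1/256;
 * with a larger discard the count falls back to the uniform expectation.
 */
static unsigned count_zero_after_discard(unsigned nkeys, size_t discard)
{
    uint64_t st = 0x9e3779b97f4a7c15ull;   /* constructed fixed seed */
    unsigned zeros = 0, n;
    for (n = 0; n < nkeys; n++) {
        uint8_t key[16];
        rc4_ctx c;
        int k;
        for (k = 0; k < 16; k += 8) {
            uint64_t r = next_u64(&st);
            memcpy(key + k, &r, 8);
        }
        rc4_init(&c, key, sizeof key);
        rc4_discard(&c, discard);
        if (rc4_byte(&c) == 0)
            zeros++;
    }
    return zeros;
}

int main(void)
{
    const unsigned nkeys = 100000;
    unsigned biased = count_zero_after_discard(nkeys, 1);
    unsigned fixed = count_zero_after_discard(nkeys, 256);
    printf("second byte zero, nothing discarded: %u of %u (uniform expects ~%u)\n",
           biased, nkeys, nkeys / 256);
    printf("first byte zero after 256 discarded: %u of %u\n", fixed, nkeys);
    return 0;
}
```

The first count comes out near twice the uniform expectation, the second near it; the remaining small biases in the first 256 bytes are why a larger discard is the safer setting for a fresh key.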