Date: Sun, 02 Feb 2003 19:00:18 +0000 From: Mark Murray <mark@grondar.org> To: phk@freebsd.org Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, current@freebsd.org Subject: Re: rand() is broken Message-ID: <200302021900.h12J0IaX050026@grimreaper.grondar.org> In-Reply-To: Your message of "Sun, 02 Feb 2003 19:47:12 %2B0100." <32212.1044211632@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
phk@freebsd.org writes: > In message <200302021836.h12Ia2aX049696@grimreaper.grondar.org>, Mark Murray > wr > ites: > > >We have most of this, and RC4 can deliver. RC4's "licence" is > >fine. Call it "ArCFour" and there is no problem. The code is > >small, fast and repeatable, and meets conditions 1-4 above. > > There are some concerns about RC4's strength and predictability. Not here. We are talking statistical randomness, not cryptographic. RC4 is juuuust fine. > In cases were we just want trivial "randomness", this doesn't matter, > but when we start to seed it with /dev/random to get good randomness > we to be more careful. Sure. srandomdev() needs to "burn" some output. > Maybe we should spend an AES on it, just in case ? Hold that thought. The "moral equivalent" of 'dd if=random() of=/dev/null bs=1 count=4096' is enough for now. Any problems, and I'll be right with you! M -- Mark Murray iumop ap!sdn w,I idlaH To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302021900.h12J0IaX050026>