Date: Fri, 09 Jun 2000 19:37:09 -0400 From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> To: "Andrey A. Chernov" <ache@freebsd.org> Cc: Mark Murray <mark@grondar.za>, Kris Kennaway <kris@FreeBSD.ORG>, current@FreeBSD.ORG Subject: Re: mktemp() patch Message-ID: <39417FA5.F260EAA8@vangelderen.org> References: <394124C3.221E61BC@vangelderen.org> <200006092002.WAA00773@grimreaper.grondar.za> <20000609155342.B33329@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
"Andrey A. Chernov" wrote:
>
> On Fri, Jun 09, 2000 at 10:02:44PM +0200, Mark Murray wrote:
> > > > But I repeat myself; are you still intending to use cryptographic security
> > > > for one bit? What does that buy you? An attacker will laugh at the waste
> > > > of resources that went into a coin-flip :-). Much better is to use something
> > > > cheaper like time-of-day XOR 1 << whatever.
> > >
> > > Pseudo random numbers are so cheap (or they should be) that you
> > > just don't want to try and 'optimize' here. It is much better to
> > > be conservative and use a good PRNG until it *proves* to be very
> > > problematic.
> >
> > Why not just XOR the whole lot into the current ${randomnumber}?
> > That way, at least the effort of the whole calculation is not wasted
> > as much.
Good point, there is no need to throw them away indeed.
> Why to XOR true random bits from arc4random() with non-random bits from
> getpid()? It only weakens. Better way is just remove any getpid() code and
> left arc4random() only.
Then you will get collisions which you will have to deal with. I am not
familiar with the code but if we can handle collisions nicely then that
would be the way to go: 64^6 = 2^36 possibilities which is nice...
Cheers,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
jeroen@vangelderen.org _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39417FA5.F260EAA8>