From owner-freebsd-security Tue Nov 30 13:42:27 1999
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 5F7AD14A1A; Tue, 30 Nov 1999 13:42:26 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 52C251CD743; Tue, 30 Nov 1999 13:42:26 -0800 (PST) (envelope-from kris@hub.freebsd.org)
Date: Tue, 30 Nov 1999 13:42:26 -0800 (PST)
From: Kris Kennaway
To: Mark Murray
Cc: Brad Knowles, security@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
In-Reply-To: <199911301942.VAA17801@gratis.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 30 Nov 1999, Mark Murray wrote:

> [ Moved to security. Off-topic for -audit ]
>
> > While T'so may not be a cryptographer by trade, it is my
> > understanding that he has quite a bit of understanding of how crypto
> > works (due to his involvement in PGP), and is a rather good
> > programmer.
>
> He's big in MIT kerberos. I think I trust him.

Maybe I was ambiguous in my initial method. I wasn't calling his abilities into question, just raising the point that if the choice was between something designed by an amateur cryptographer and something designed by a professional, I'd pick the latter, all other things being equal.

For the benefit of the newcomers to this thread (now that it's been moved where it probably should have been sent in the first place :) the discussion was in regard to the relative merits of our current PRNG {/dev/random, /dev/urandom} vs. the OpenBSD variant {/dev/random, /dev/arandom} and a third alternative, the Yarrow algorithm by Schneier.

My conclusion is that what we have now is "good enough" not to worry about it excessively, and urandom is better than the OpenBSD variant arandom because it doesn't propagate state compromises deterministically (based on my reading of the code, if you break the state of the OpenBSD /dev/arandom, then you get on average the next 64 (up to 128) free "random" numbers with perfect certainty, and probabilistically thereafter, with a decay time 128 times longer than ours, which effectively reseeds every access). The downside is that ours is slower and consumes more entropy.

If anyone has anything to add here I'd welcome the discussion.

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
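The "next 64 (up to 128) outputs with perfect certainty" estimate above can be reproduced with a toy model. The following is an added example, not code from this thread or from the FreeBSD or OpenBSD generators: a constructed hash-based generator that mixes fresh entropy into its state every `reseed_interval` outputs, and a measurement of how many outputs an attacker who captures the full state can still reproduce. The seed, the entropy stand-ins and the function names are all assumptions made for the illustration.

```python
import hashlib
from typing import Callable


class ReseedingPRNG:
    """Toy generator (constructed for illustration, not the FreeBSD or OpenBSD
    code): each output is SHA-256(state || counter); every `reseed_interval`
    outputs, fresh entropy is hashed into the state."""

    def __init__(self, seed: bytes, reseed_interval: int,
                 entropy: Callable[[int], bytes], counter: int = 0):
        self.state = seed
        self.reseed_interval = reseed_interval
        self.entropy = entropy  # source the generator pulls fresh bytes from
        self.counter = counter

    def next_block(self) -> bytes:
        if self.counter % self.reseed_interval == 0:
            # Mixing in bytes the attacker does not hold is what stops a
            # captured state from being continued deterministically.
            self.state = hashlib.sha256(self.state + self.entropy(32)).digest()
        out = hashlib.sha256(self.state + self.counter.to_bytes(8, "big")).digest()
        self.counter += 1
        return out


def outputs_predicted_after_compromise(reseed_interval: int, compromise_at: int,
                                       horizon: int = 1024) -> int:
    """Let an attacker copy the real generator's full state after
    `compromise_at` outputs, then count how many later outputs the copy
    reproduces exactly before the next reseed diverges the two."""
    real_entropy = lambda n: b"\x01" * n    # constructed stand-in for the pool
    attacker_guess = lambda n: b"\x02" * n  # attacker cannot see the pool
    real = ReseedingPRNG(b"constructed-seed", reseed_interval, real_entropy)
    for _ in range(compromise_at):
        real.next_block()
    clone = ReseedingPRNG(real.state, reseed_interval, attacker_guess, real.counter)
    predicted = 0
    for _ in range(horizon):
        if clone.next_block() != real.next_block():
            break
        predicted += 1
    return predicted


def average_predicted(reseed_interval: int) -> float:
    """Average exposure when the compromise lands uniformly within an interval:
    roughly half the interval for 128, and zero when every access reseeds."""
    total = sum(outputs_predicted_after_compromise(reseed_interval, k)
                for k in range(reseed_interval))
    return total / reseed_interval
```

With a 128-output reseed interval the exposure ranges from 0 to 127 outputs depending on where in the interval the compromise lands (mean 63.5); with an interval of 1, nothing after the compromise is predictable.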