Date: Fri, 15 Aug 2003 14:40:35 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Sam Leffler <sam@errno.com> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/libkern arc4random.c Message-ID: <20030815143835.T1565@odysseus.silby.com> In-Reply-To: <87953260.1060949270@melange.errno.com> References: <200308150634.h7F6Ylxw022089@repoman.freebsd.org> <20030815133943.I1565@odysseus.silby.com> <87953260.1060949270@melange.errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 15 Aug 2003, Sam Leffler wrote: > I suggest that being fairly confident about your changes is very different > from testing them. > > > However,I also have no way of knowing if arc4random was working correctly > before > > the commit either... > > If you didn't know how to verify things worked before or after why did you > make these changes? Was there a specific problem you were trying to > address? Well, I tested them in that I read everything through carefully, and I made sure that arc4random was indeed throwing out random-looking data. Beyond that, without knowing how to use the randomness testbench, I'm not sure what other tests I could run. > You could use the rndtest code directly in the kernel to gate the output of > arc4random or you could extract the code and write a user-level test > application. I don't know if Mark Murray has something already along these > lines (presumably he had something from his work on /dev/random). > > Note that the data generated by arc4random needs to be exported to user > apps for seeding crypto operations when operating in a chroot'd environment > where /dev/random is not available. This is something openbsd identified > and that we've not brought over yet (I've known about it for a while but > the work's been pending). As such one should be very careful about futzing > with the goodness of the data arc4random generates. > > Sam Ok, I'll look into using rndtest and exporting arc4random via /dev/arandom and a sysctl. Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030815143835.T1565>