Date: Sun, 29 Dec 2002 02:29:00 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: Tim Kientzle <kientzle@acm.org> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Can dhclient rely on /dev/random? Message-ID: <20021229022705.L12856-100000@patrocles.silby.com> In-Reply-To: <3E0E1879.6090801@acm.org> References: <3E0E02F3.6030205@acm.org> <20021228150348.Y10588-100000@patrocles.silby.com> <3E0E1879.6090801@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 28 Dec 2002, Tim Kientzle wrote: > I've clocked /dev/random on -current at > just about 10MB/s (on a 1GHz AMD Duron). That's > plenty fast enough for generating session keys. ;-) Sounds like it, I didn't realize it was that fast. :) > If this code is just used for generating occasional > keys, 4.x's /dev/random may well suffice. As I > dig deeper, though, I'm starting to suspect that > this code isn't actually used by dhclient at all. > That would suggest a much simpler fix... ;-) > > Tim Warning! Warning! Under 4.x, you probably want to use /dev/urandom. The reason for this is that /dev/random is only guaranteed to give you values when it can guarantee that you're getting "good" randomness. And as 4.x doesn't harvest many entropy sources by default, there's little "good" randomness, and you'll get nothing! /dev/urandom's "bad" randomness is certainly better than no randomness at all. :) Of course, if dhclient doesn't need any randomness, then I guess you don't have to worry. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021229022705.L12856-100000>