Date: Fri, 14 Feb 2003 19:38:07 -0800 From: David Schultz <dschultz@uclink.Berkeley.EDU> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Nate Lawson <nate@root.org>, Juli Mallett <jmallett@FreeBSD.ORG>, Kirk McKusick <mckusick@FreeBSD.ORG>, src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sbin/newfs mkfs.c src/sys/ufs/ffs ffs_alloc.c ffs_vfsops.c Message-ID: <20030215033807.GB3750@HAL9000.homeunix.com> In-Reply-To: <20030215022542.GA62285@nagual.pp.ru> References: <20030214221503.GA59673@nagual.pp.ru> <Pine.BSF.4.21.0302141625390.39134-100000@root.org> <20030215022542.GA62285@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Andrey A. Chernov <ache@nagual.pp.ru>: > On Fri, Feb 14, 2003 at 16:31:10 -0800, Nate Lawson wrote: > > On Sat, 15 Feb 2003, Andrey A. Chernov wrote: > > > On Fri, Feb 14, 2003 at 15:33:28 -0600, Juli Mallett wrote: > > > > Are the sequences for it also repeatable in the newfs case for e.g. the > > > > regression tests, where it is used unseeded? > > > > > > Obvious answer - no. > > > > > > BTW, this fix really fixes nothing for FreeBSD case because we already use > > > srandomdev() (for non-regression case). > > > > Speaking totally informally, arc4 is more secure for this purpose than an > > LFSR despite seeding the latter via srandomdev(). > > It isn't big news, arc4random() internal state size is 256 bytes while > default random() state size is 124 bytes, but I don't think that anybody > can feel that difference inside short range needed for mkfs. The complaint > is about broken regression test case, not about srandom()->arc4random() > transition taken alone. The issue isn't how random the data ``feels'' according to ad hoc tests; the issue is predictability. NFS relies upon generation numbers being unguessable to prevent unauthenticated clients from spoofing file handles. Even if random() is a pretty good PRNG, arc4random() gives people peace of mind because it uses a real cryptographic hash. If you could guess arc4random() values without knowing the entropy pool, that would likely constitute an attack on RC4 itself. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030215033807.GB3750>