Date: Sun, 18 Jun 2000 20:51:50 -0600 From: Warner Losh <imp@village.org> To: Peter Jeremy <peter.jeremy@alcatel.com.au> Cc: current@FreeBSD.ORG Subject: Re: mktemp() patch Message-ID: <200006190251.UAA52694@harmony.village.org> In-Reply-To: Your message of "Mon, 19 Jun 2000 12:46:09 %2B1000." <00Jun19.124610est.115250@border.alcanet.com.au> References: <00Jun19.124610est.115250@border.alcanet.com.au> <394124C3.221E61BC@vangelderen.org> <Pine.BSF.4.21.0006072338550.73192-100000@freefall.freebsd.org> <200006081724.TAA00705@grimreaper.grondar.za> <394124C3.221E61BC@vangelderen.org> <200006190201.UAA52489@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <00Jun19.124610est.115250@border.alcanet.com.au> Peter Jeremy writes: : On 2000-Jun-19 12:03:40 +1000, Warner Losh <imp@village.org> wrote: : >In message <394124C3.221E61BC@vangelderen.org> "Jeroen C. van Gelderen" writes: : >: Pseudo random numbers are so cheap (or they should be) that you : >: just don't want to try and 'optimize' here. It is much better to : >: be conservative and use a good PRNG until it *proves* to be very : >: problematic. : > : >I disagree with this strongly. PRNG have proven time and time again : >to weaken security due to their less than random nature. It is my : >judgement that going down this path would be very bad, especially when : >cryptographically strong random number generators exist and are part : >of the base FreeBSD system. We should just use those... : : The PRNG in question is arc4random() - which AFAIK rates as : "cryptographically strong". I don't believe that mktemp(3) warrants : the use of /dev/random (or even /dev/urandom). I think we're in agreement. I had thought I read it as "use random(3)" for some reason.... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006190251.UAA52694>