From owner-freebsd-questions@FreeBSD.ORG Tue Sep 23 12:55:03 2008
Date: Tue, 23 Sep 2008 13:39:35 +0100
From: RW
To: freebsd-questions@freebsd.org
Message-ID: <20080923133935.2523d8de@gumby.homeunix.com.>
In-Reply-To:
References: <18648.30321.369520.631459@jerusalem.litteratus.org>
X-Mailer: Claws Mail 3.5.0 (GTK+ 2.12.11; i386-portbld-freebsd7.0)
Subject: Re: using /dev/random
List-Id: User questions

On Tue, 23 Sep 2008 00:51:02 -0700 "Ted Mittelstaedt" wrote:

> The canonical way is to use the functions random(), or srandom()
> or srandomdev() or arc4random() depending on what
> you need the random data for. /dev/random is really only
> useful for seeding these functions (some of them pull data
> from /dev/random internally)

It depends what you are trying to achieve; random and srandom aren't
considered to be cryptographically secure. The userland version of
arc4random() (which is RC4) is probably OK, but it's known to be
distinguishable from random, which is technically a break. The kernel
version is much less secure, because it's not guaranteed to be seeded
properly. For non-trivial Monte-Carlo work you're better off with
something intended for the purpose, such as the Mersenne Twister.

> The device has thus been optimized
> for seed generation to feed these other functions.

It wasn't; it was designed to be a fast and secure all-round random
number generator.

> If you really want to roll-your-own and not use these functions
> then you could read blocks from /dev/random and run
> a Chi-square and Monte Carlo test on each
> block and discard the ones that don't pass.
>
> I've done my experimenting with the ENT program:
>
> http://www.fourmilab.ch/random/

I'm sceptical about this: if Rijndael in counter-mode produced output
that's distinguishable from random numbers over a few thousand bytes it
would surely never have made it into the AES competition, let alone win
it.
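The block-testing procedure quoted above (read a block from the random device, run ENT's chi-square and Monte Carlo tests, discard blocks that fail), written out as an added example. This is not code from the thread or from ENT: the function names, the 4096-byte block, the device path (FreeBSD's /dev/random is what the thread discusses; /dev/urandom is used here so the program does not block elsewhere) and the pass thresholds (roughly the 1% and 99% points of chi-square with 255 degrees of freedom, plus a 5% band around pi) are this example's own choices.

```c
/* Added example, not from the thread or from ENT: byte-frequency chi-square
 * and Monte Carlo pi tests on one block from a random device, with an
 * accept/reject rule of the kind the quoted post describes. Assumes POSIX
 * open()/read(); DEVICE and the thresholds are this example's choices. */
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>

#define NBUCKETS 256
#define BLOCK_LEN 4096
#define DEVICE "/dev/urandom"
#define PI_REF 3.14159265358979

/* Chi-square of the byte histogram against a uniform expectation (ENT's
 * "Chi square distribution"). With 255 degrees of freedom a uniform source
 * gives values near 255; far below is as suspicious as far above. */
double chi_square_bytes(const unsigned char *buf, size_t n)
{
    unsigned long counts[NBUCKETS] = {0};
    double expected, chisq = 0.0;
    size_t i;
    int b;

    if (n == 0)
        return 0.0;
    expected = (double)n / NBUCKETS;
    for (i = 0; i < n; i++)
        counts[buf[i]]++;
    for (b = 0; b < NBUCKETS; b++) {
        double d = (double)counts[b] - expected;
        chisq += d * d / expected;
    }
    return chisq;
}

/* ENT-style Monte Carlo pi: every 6 bytes form a 24-bit (x, y) point in the
 * square [0, 2^24); the fraction inside the quarter circle estimates pi/4.
 * Trailing bytes that do not complete a point are ignored. */
double monte_carlo_pi(const unsigned char *buf, size_t n)
{
    const double r = 16777215.0;            /* 2^24 - 1 */
    size_t i, points = 0, inside = 0;

    for (i = 0; i + 6 <= n; i += 6) {
        double x = (double)((buf[i] << 16) | (buf[i + 1] << 8) | buf[i + 2]);
        double y = (double)((buf[i + 3] << 16) | (buf[i + 4] << 8) | buf[i + 5]);
        if (x * x + y * y <= r * r)
            inside++;
        points++;
    }
    return points ? 4.0 * (double)inside / (double)points : 0.0;
}

/* Accept/reject rule: chi-square between the approximate 1% and 99% points
 * of chi-square with 255 df (about 205 and 310, Wilson-Hilferty
 * approximation) and a pi estimate within 5% of pi. These bands are this
 * example's choices; a perfect source fails them a few percent of the time. */
int block_passes(const unsigned char *buf, size_t n)
{
    double chisq = chi_square_bytes(buf, n);
    double pi_est = monte_carlo_pi(buf, n);

    if (chisq < 205.0 || chisq > 310.0)
        return 0;
    if (pi_est < PI_REF * 0.95 || pi_est > PI_REF * 1.05)
        return 0;
    return 1;
}

/* Read exactly n bytes from path; returns n on success, 0 on any failure. */
size_t read_block(const char *path, unsigned char *buf, size_t n)
{
    int fd = open(path, O_RDONLY);
    size_t got = 0;

    if (fd < 0)
        return 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0)
            break;
        got += (size_t)r;
    }
    close(fd);
    return got == n ? n : 0;
}

/* Checks on constructed inputs whose statistics are known exactly. */
int self_check(void)
{
    unsigned char uniform[1024], constant[1024];
    int i;

    for (i = 0; i < 1024; i++) {
        uniform[i] = (unsigned char)i;      /* each byte value exactly 4 times */
        constant[i] = 0;                    /* one bucket holds everything */
    }
    if (chi_square_bytes(uniform, 1024) != 0.0)
        return 0;
    /* bucket 0: (1024-4)^2/4 = 260100; the other 255 buckets: 16/4 each */
    if (chi_square_bytes(constant, 1024) != 261120.0)
        return 0;
    /* both blocks must be rejected: perfectly flat is not random either */
    if (block_passes(uniform, 1024) || block_passes(constant, 1024))
        return 0;
    return 1;
}

int main(void)
{
    unsigned char block[BLOCK_LEN];

    if (!self_check()) {
        fprintf(stderr, "self-check failed\n");
        return 1;
    }
    if (!read_block(DEVICE, block, sizeof block)) {
        perror(DEVICE);
        return 1;
    }
    printf("chi-square (255 df): %.2f\n", chi_square_bytes(block, sizeof block));
    printf("Monte Carlo pi:      %.4f\n", monte_carlo_pi(block, sizeof block));
    printf("block %s\n", block_passes(block, sizeof block) ? "accepted" : "rejected");
    return 0;
}
```

Build with `cc -o blocktest blocktest.c` and run it; each run scores one fresh block. The self-check shows why the lower bound matters: a block in which every byte value appears exactly equally often has a chi-square of 0 and is rejected, because a genuinely random block is not that even. The other thing to keep in mind when reading the accept/reject output is that the rejection bands are tails of the expected distribution, so a few percent of blocks from a sound generator are discarded by construction; a rejected block is a statement about that block, not evidence that the device is flawed.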