Date:      Fri, 15 Aug 2003 22:06:34 +0200
From:      "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To:        Mark Murray <mark@grondar.org>
Cc:        cvs-src@FreeBSD.org
Subject:   Re: cvs commit: src/sys/libkern arc4random.c 
Message-ID:  <12622.1060977994@critter.freebsd.dk>
In-Reply-To: Your message of "Fri, 15 Aug 2003 20:59:10 +0700." <200308151959.h7FJxBOI004295@grimreaper.grondar.org>

In message <200308151959.h7FJxBOI004295@grimreaper.grondar.org>, Mark Murray writes:
>Sam Leffler writes:
>> > For the paranoids, this is cheap (almost free), and is solid from a
>> > arcfour-neurotic perspective.
>> 
>> I am not arguing for Mike to remove his change.  I am noting that making 
>> changes to critical system components w/o review and/or testing is 
>> dangerous.  Going forward we should have some tools for validating changes 
>> like this.  If the output of arc4random is available through a sysctl or 
>> similar then it could be a tool that sits in /usr/src/tools/tools. 
>> Otherwise it would be good to create a test module or similar to shunt 
>> arc4random data through rndtest.
>
>Tools can't test what we need tested here. Tools can test for varying
>degrees of statistical randomness, but _cryptographic_ randomness
>(which equates to "unpredictable by an observer") is harder. The
>best we can really do is attack it using cryptographic methodology,
>which at its lowest level is code review.

While that is true, it has also been shown that the errors most
likely to be missed by code reviews often make themselves obvious
in the distorted functioning of the code (ie: extra ';' after "if"
and similar).

So having a randomness regression test sounds like a good complement 
to reviews to me.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
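
Added example, not part of the original message or of FreeBSD's code: a minimal regression test of the kind discussed above, running an RC4 keystream through the FIPS 140-1 monobit and poker tests. The names fips_ok and regress, the test key, and the modelled defect (a stray ';' after an "if" that makes the generator rekey on every byte) are assumptions for illustration.

```c
#include <stdio.h>

struct rc4 { unsigned char s[256]; unsigned char i, j; };

/* Standard RC4 key schedule. */
static void rc4_key(struct rc4 *st, const unsigned char *key, int len) {
    int k; unsigned char j = 0, t;
    for (k = 0; k < 256; k++) st->s[k] = (unsigned char)k;
    for (k = 0; k < 256; k++) {
        j = (unsigned char)(j + st->s[k] + key[k % len]);
        t = st->s[k]; st->s[k] = st->s[j]; st->s[j] = t;
    }
    st->i = st->j = 0;
}
/* Standard RC4 output byte. */
static unsigned char rc4_byte(struct rc4 *st) {
    unsigned char t;
    st->i++;
    st->j = (unsigned char)(st->j + st->s[st->i]);
    t = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = t;
    return st->s[(unsigned char)(st->s[st->i] + st->s[st->j])];
}
/* FIPS 140-1 monobit and poker tests on 2500 bytes (20000 bits); 1 = pass. */
int fips_ok(const unsigned char *buf) {
    long ones = 0, f[16] = {0}, sum = 0, x5000;
    int k, b;
    for (k = 0; k < 2500; k++) {
        for (b = 0; b < 8; b++) ones += (buf[k] >> b) & 1;
        f[buf[k] >> 4]++; f[buf[k] & 15]++;      /* 4-bit nibble counts */
    }
    for (k = 0; k < 16; k++) sum += f[k] * f[k];
    x5000 = 16 * sum - 5000L * 5000L;  /* poker X scaled by 5000: 1.03 < X < 57.4 */
    return ones > 9654 && ones < 10346 && x5000 > 5150 && x5000 < 287000;
}
/* Hypothetical harness. buggy=1 models "if (stale); rekey();", which rekeys
 * before every byte. The key is constructed and fixed, so runs are repeatable. */
int regress(int buggy) {
    static const unsigned char key[] = "constructed test key";
    unsigned char buf[2500];
    struct rc4 st; int k;
    rc4_key(&st, key, (int)sizeof(key) - 1);
    for (k = 0; k < 2500; k++) {
        if (buggy) rc4_key(&st, key, (int)sizeof(key) - 1);
        buf[k] = rc4_byte(&st);
    }
    return fips_ok(buf);
}
int main(void) {
    printf("correct build: %d, buggy build: %d\n", regress(0), regress(1));
    return 0;
}
```

The correct build passes even though its key sits in the source and its output is fully predictable, so a pass says nothing about cryptographic strength. The defective build emits one repeated byte and fails the poker test at once.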


