cvs commit: src/sys/libkern arc4random.c

Mark Murray mark at grondar.org
Fri Aug 15 12:14:30 PDT 2003


Mike Silbersack writes:
> > How did you validate this change?  I strongly suggest that mods like
> > this need review before commit.  Subtle problems can go unnoticed for a
> > long time.
> >
> > 	Sam
> 
> I'm fairly confident that I did not add any bugs in this commit.  However,
> I also have no way of knowing if arc4random was working correctly before
> the commit either... How hard would it be to hook up the randomness
> testing code you committed a few months back?  If the testing code is in
> userland, perhaps we could export a /dev/arandom like openbsd does for
> simpler testing.

I have not looked at the locking, but I have looked at this from a
randomness perspective.

With that in mind, I think Mike did the right thing in making sure
that the first chunk of arcfour 'randomness' is ditched after a
rekey. It may be fixing a non-problem, but if there is an undisclosed
problem in determining the arcfour sequence, this helps thwart that.

For the paranoids, this is cheap (almost free), and is solid from an
arcfour-neurotic perspective.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
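
The discard-after-rekey step discussed in this message, as an added example that is not the committed arc4random.c code: standard RC4 whose rekey throws away the first `drop` keystream bytes, plus a count of how often the second output byte is zero (the known Mantin-Shamir bias in early RC4 output) with and without the discard. The 1024-byte drop count, the xorshift-generated sample keys and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct arc4 { uint8_t s[256], i, j; };

/* One keystream byte (standard RC4 output step). */
static uint8_t arc4_byte(struct arc4 *c) {
    uint8_t t;
    c->j += c->s[++c->i];
    t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
    return c->s[(uint8_t)(c->s[c->i] + c->s[c->j])];
}

/* Rekey (standard RC4 key schedule), then discard the first `drop` bytes. */
static void arc4_rekey(struct arc4 *c, const uint8_t *key, size_t len, size_t drop) {
    unsigned n;
    uint8_t j = 0, t;
    for (n = 0; n < 256; n++) c->s[n] = (uint8_t)n;
    for (n = 0; n < 256; n++) {
        j += c->s[n] + key[n % len];
        t = c->s[n]; c->s[n] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
    while (drop--) (void)arc4_byte(c);
}

/* How often is the 2nd byte handed out after a rekey zero, over sample keys? */
static unsigned second_byte_zero(unsigned trials, size_t drop) {
    struct arc4 c;
    uint8_t key[16];
    uint64_t x = 0x9E3779B97F4A7C15ULL;  /* constructed seed for sample keys */
    unsigned n, k, hits = 0;
    for (n = 0; n < trials; n++) {
        for (k = 0; k < sizeof key; k++) {
            x ^= x << 13; x ^= x >> 7; x ^= x << 17;  /* xorshift64 */
            key[k] = (uint8_t)(x >> 32);
        }
        arc4_rekey(&c, key, sizeof key, drop + 1);  /* +1 skips the 1st byte */
        hits += (arc4_byte(&c) == 0);
    }
    return hits;
}

int main(void) {
    printf("2nd byte == 0 in 65536 rekeys: %u with no drop, %u with drop 1024\n",
           second_byte_zero(65536, 0), second_byte_zero(65536, 1024));
    return 0;
}
```

An unbiased generator would give a zero second byte about 256 times in 65536 rekeys; without the discard the count is roughly double that.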

