cvs commit: src/sys/libkern arc4random.c
Mike Silbersack
silby at silby.com
Fri Aug 15 12:41:29 PDT 2003
On Fri, 15 Aug 2003, Sam Leffler wrote:
> I suggest that being fairly confident about your changes is very different
> from testing them.
>
> > However,I also have no way of knowing if arc4random was working correctly
> before
> > the commit either...
>
> If you didn't know how to verify things worked before or after why did you
> make these changes? Was there a specific problem you were trying to
> address?
Well, I tested them in that I read everything through carefully, and I
made sure that arc4random was indeed throwing out random-looking data.
Beyond that, without knowing how to use the randomness testbench, I'm not
sure what other tests I could run.
> You could use the rndtest code directly in the kernel to gate the output of
> arc4random or you could extract the code and write a user-level test
> application. I don't know if Mark Murray has something already along these
> lines (presumably he had something from his work on /dev/random).
>
> Note that the data generated by arc4random needs to be exported to user
> apps for seeding crypto operations when operating in a chroot'd environment
> where /dev/random is not available. This is something openbsd identified
> and that we've not brought over yet (I've known about it for a while but
> the work's been pending). As such one should be very careful about futzing
> with the goodness of the data arc4random generates.
>
> Sam
Ok, I'll look into using rndtest and exporting arc4random via /dev/arandom
and a sysctl.
Mike "Silby" Silbersack
More information about the cvs-src
mailing list