cvs commit: src/sys/libkern arc4random.c

Mike Silbersack silby at
Fri Aug 15 12:41:29 PDT 2003

On Fri, 15 Aug 2003, Sam Leffler wrote:

> I suggest that being fairly confident about your changes is very different
> from testing them.
> > However,I also have no way of knowing if arc4random was working correctly
> before
> > the commit either...
> If you didn't know how to verify things worked before or after why did you
> make these changes?  Was there a specific problem you were trying to
> address?

Well, I tested them in that I read everything through carefully, and I
made sure that arc4random was indeed throwing out random-looking data.
Beyond that, without knowing how to use the randomness testbench, I'm not
sure what other tests I could run.

> You could use the rndtest code directly in the kernel to gate the output of
> arc4random or you could extract the code and write a user-level test
> application.  I don't know if Mark Murray has something already along these
> lines (presumably he had something from his work on /dev/random).
> Note that the data generated by arc4random needs to be exported to user
> apps for seeding crypto operations when operating in a chroot'd environment
> where /dev/random is not available.  This is something openbsd identified
> and that we've not brought over yet (I've known about it for a while but
> the work's been pending).  As such one should be very careful about futzing
> with the goodness of the data arc4random generates.
> 	Sam

Ok, I'll look into using rndtest and exporting arc4random via /dev/arandom
and a sysctl.

Mike "Silby" Silbersack

More information about the cvs-src mailing list