Is fork() hook ever possible?
Andrey Chernov
ache at freebsd.org
Tue Nov 15 07:08:46 UTC 2011
On Tue, Nov 15, 2011 at 12:49:29AM -0500, David Schultz wrote:
> On Tue, Nov 15, 2011, Andrey Chernov wrote:
> > In case you mean passing later whole structure like:
> >
> > arc4_addrandom((u_char *)&rdat, sizeof(rdat));
> >
> > it will be incorrect because it change known algorithm parameters, which
> > defines exact 128 bytes and not anything else.
>
> No, RC4 keys are anything up to 256 bytes.
Of course. But changing it away from the reference implementation will
cause questions or paranoia. You can re-read your recent reasons against
lowering drop count from 1024, this is very similar.
> I think what you really want is a union in any case, but relax.
> arc4_stir() works right now, so I think it can stay as is until
> we're ready to make further functional changes, e.g., getting
> entropy from the KERN_ARND sysctl.
You can left the current stir code as is but please don't forget in the
future that the price is its weakness in jails without /dev/random.
> But that's complicated by
> the fact that KERN_ARND won't tell you if it has failed to produce
> any useful entropy, and I won't have the cycles to look into it for
> a little while.
BTW, we can re-stir kernel arc4 one time more - when yarrow is feeded,
from the yarrow code. In general it promises to be earlier that any of
userland programs is starting.
--
http://ache.vniz.net/
More information about the freebsd-current
mailing list