ProPolice: best way to fill canary
silby at silby.com
Sat Jul 9 08:36:33 GMT 2005
On Sat, 9 Jul 2005, Jeremie Le Hen wrote:
> Thanks for your answer. In that case, which sysctl should we use?
> * OpenBSD's kern.arnd (KERN_ARND) which is a front-end to
> the arc4random() function ?
> * NetBSD's kern.urandom (KERN_URND) which is using the rnd(4)
> pseudo-device. They also have KERN_ARND in sysctl.h, which
> is no more than a #define of KERN_URND, for compatibility
> with OpenBSD.
> Usually, I noticed that FreeBSD used to be as close as possible to
> NetBSD. But I would like to hear the voice of a more experienced
> hacker about this.
> Best regards,
> Jeremie Le Hen
I wouldn't say that we favor code from any one project over another; every
situation is different.
In this case, I'm personally rather indifferent - both RNGs should supply
good entropy. Arc4 may be a bit faster (I don't know if anyone has
benchmarked by how much), so for this purpose it would seem to be the one
I can commit any patches you have after the 6.0 code freeze ends, which
should be in the next few weeks. (It can be MFC'd to 6.0 and 5.4 after
that as well.)
Mike "Silby" Silbersack
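
The guard-fill step discussed in this thread, as an added example that is not code from the thread or from any of the BSD projects: it reads the guard from the `KERN_ARND` sysctl where the system header defines it, and treats a failed or short read as a reason to fall back to a fixed terminator canary. The names `guard_value`, `fill_guard` and `set_terminator_canary` are hypothetical, and the `/dev/urandom` branch is an assumption added only so the example runs on hosts without that sysctl.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
#include <sys/types.h>
#include <sys/sysctl.h>
#endif

/* Hypothetical stand-in for the stack protector's guard array. */
static long guard_value[8];

/* Fallback "terminator canary": NUL, NUL, LF, 0xFF halt most string
 * copy routines before they can rewrite the guard. Requires n >= 4. */
static void set_terminator_canary(unsigned char *g, size_t n)
{
    memset(g, 0, n);
    g[2] = '\n';
    g[3] = 0xff;
}

/* Returns 1 if the guard came from a kernel RNG, 0 on fallback. */
static int fill_guard(void *buf, size_t n)
{
    int ok = 0;
#ifdef KERN_ARND
    int mib[2] = { CTL_KERN, KERN_ARND };
    size_t len = n;
    /* A short read counts as failure: a partly filled guard is guessable. */
    ok = (sysctl(mib, 2, buf, &len, NULL, 0) == 0 && len == n);
#else
    /* Assumption for non-BSD hosts only: read /dev/urandom instead. */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f != NULL) {
        ok = (fread(buf, 1, n, f) == n);
        fclose(f);
    }
#endif
    if (!ok)
        set_terminator_canary(buf, n);
    return ok;
}

int main(void)
{
    int from_rng = fill_guard(guard_value, sizeof(guard_value));
    printf("guard source: %s\n", from_rng ? "kernel RNG" : "terminator canary");
    return 0;
}
```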