ProPolice: best way to fill canary

Mike Silbersack silby at silby.com
Sat Jul 9 08:36:33 GMT 2005


On Sat, 9 Jul 2005, Jeremie Le Hen wrote:

> Thanks for your answer.  In that case, which sysctl should we use ?
>
> 	* OpenBSD's kern.arnd (KERN_ARND) which is a front-end to
> 	  the arc4random() function ?
>
> 	* NetBSD's kern.urandom (KERN_URND) which is using the rnd(4)
> 	  pseudo-device.  They also have KERN_ARND in sysctl.h, which
> 	  is no more than a #define of KERN_URND, for compatibility
> 	  with OpenBSD.
>
> Usually, I noticed that FreeBSD used to be as close as possible to
> NetBSD.  But I would like to hear the voice of a more experienced
> hacker about this.
>
> Thanks.
> Best regards,
> -- 
> Jeremie Le Hen

I wouldn't say that we favor code from any one project over another; every
situation is different.

In this case, I'm personally rather indifferent - both RNGs should supply 
good entropy.  Arc4 may be a bit faster (I don't know if anyone has 
benchmarked by how much), so for this purpose it would seem to be the one 
to use.

I can commit any patches you have after the 6.0 code freeze ends, which 
should be in the next few weeks.  (It can be MFC'd to 6.0 and 5.4 after 
that as well.)

Mike "Silby" Silbersack

