Circa 2003-12-04 12:42:26 -0500 dixit Adam Shostack: : On Wed, Dec 03, 2003 at 08:54:11AM +0100, Han Boetes wrote: : | I ported arc4random from OpenBSD to linux some time ago. All I had to : | do was to change the sysctl: : | : | http://www.xs4all.nl/~hanb/software/arc4random.tar.bz2 : : Can you explain why it's better than the kernel's randomness pool? The arc4random() function does not deplete the Linux kernel's entropy pool, as reading from /dev/random does. As long as arc4random() is properly seeded from /dev/random to begin with (and periodically stirred with more entropy from /dev/random), it's perfectly good unpredictable pseudorandom data, suitable for most anything except actually generating cryptographic keys. OpenBSD uses arc4random() as the basis for the mkstemp() function to generate unpredictable temporary filenames, for example. In sum, using a properly seeded arc4random() under Linux is similar to reading from /dev/urandom, but it uses the ARC4 algorithm to generate the pseudorandom data rather than the undocumented algorithm used by Linux's /dev/urandom. -- jim knoble | jmknoble@xxxxxxxxx | http://www.pobox.com/~jmknoble/ (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491) ..................................................................... :"The methods now being used to merchandise the political candidate : : as though he were a deodorant positively guarantee the electorate : : against ever hearing the truth about anything." --Aldous Huxley : :...................................................................:
Attachment:
pgpESNR6A4yHt.pgp
Description: PGP signature