
Re: libbsd package



Florian Weimer dixit:

>I'd also see a change that limits the number of bytes which is read from
>/dev/urandom (32 or fewer should be enough).  I'm concerned about
>looping shell scripts draining entropy from the pool at an unacceptably
>high rate.

For things like that, the OpenBSD and MirBSD kernels have /dev/arandom,
which itself is also generated from arc4random(9). It's interesting that
things like that haven't yet been picked up by other operating systems.
(While arandom(4) only has 256 bytes (RC4) of internal state, and Linux
random/urandom has 512, OpenBSD/MirBSD has 4096, the security of arandom
increases the more users it has, and our kernel uses it internally quite
heavily too.)

bye,
//mirabilos
-- 
13:22⎜«neurodamage» mira, what's up man? I have a CVS question for you in #cvs
13:22⎜«neurodamage» since you're so good with it ☺
13:28⎜«neurodamage:#cvs» i love you
13:28⎜«neurodamage:#cvs» you're a handy guy to have around for systems stuff ☺

