
Re: use of RDRAND in $random_library

Kurt Roeckx dixit:

>As far as I know, OpenBSD stopped using (A)RC4 for their random
>number generation for good reason, even though the function is

They stopped, but not for good reason. But you can also use the
new unlicenced algorithm they use, if you really feel like it,
it’s not bad either, just lacks a proper licence. Or just use
whatever libbsd ships.

>still called that way.  You now seem to suggest to use RC4 again,
>which seems like a bad idea to me.

It is not a bad idea. Using RC4 in certain environments (WEP, TLS)
has its downsides, but I analysed each of them in the context of
using it for a stretching RNG, and found out that, with a tweak①②,
aRC4 is still good there.

① Not included in OpenBSD or libbsd, TTBOMK

② Change arc4random() to drop 1 or 2 bytes randomly, in addition
  to those four it reads. Change arc4random_buf() to drop 1/2/3/4
  bytes randomly for every up to 256 bytes it reads. Increase the
  amount of bytes thrown away after rekeying to 12*256 plus some
  random amount of bytes. Using arc4_getbyte to determine these
  random amounts is correct (and takes care of one byte already).

“ah that reminds me, thanks for the stellar entertainment that you and certain
other people provide on the Debian mailing lists │ sole reason I subscribed to
them (I'm not using Debian anywhere) is the entertainment factor │ Debian does
not strike me as a place for good humour, much less German admin-style humour”
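The scheme of footnote ② worked out in code, as an added example: this is not part of the message above and not OpenBSD's or libbsd's arc4random.c. The RC4 key schedule and PRGA follow the incremental form the BSD libc uses (rekeying mixes into the running permutation). Everything else is an assumption made here to fill in the footnote: the names arc4random_tweaked() and arc4random_buf_tweaked(), the `consumed` counter (only there so the drop counts can be checked), reading the "random amount" as one arc4_getbyte() value (0..255) with that byte itself being the first of the dropped ones, and a constructed seed string in place of kernel entropy. Real arc4random also handles rekey intervals and fork(), which this leaves out.

```c
#include <stddef.h>
#include <stdint.h>

/* arc4random-style stretching RNG with the byte-dropping tweaks of footnote 2. Added
 * example, not OpenBSD's or libbsd's code; the seed below is a constructed string. */
struct arc4_stream {
	uint8_t i, j, s[256];
	uint64_t consumed;	/* keystream bytes generated so far, dropped ones included */
};

static void arc4_init(struct arc4_stream *as)
{
	int n;
	for (n = 0; n < 256; n++) as->s[n] = (uint8_t)n;
	as->i = as->j = 0; as->consumed = 0;
}

/* RC4 key schedule in the incremental BSD libc form: mixes into the running state. */
static void arc4_addrandom(struct arc4_stream *as, const uint8_t *dat, size_t datlen)
{
	int n; uint8_t si;
	if (datlen == 0) return;
	as->i--;
	for (n = 0; n < 256; n++) {
		as->i = (uint8_t)(as->i + 1);
		si = as->s[as->i];
		as->j = (uint8_t)(as->j + si + dat[n % datlen]);
		as->s[as->i] = as->s[as->j];
		as->s[as->j] = si;
	}
	as->j = as->i;
}

/* One RC4 keystream byte (the PRGA step). */
static uint8_t arc4_getbyte(struct arc4_stream *as)
{
	uint8_t si, sj;
	as->i = (uint8_t)(as->i + 1);
	si = as->s[as->i];
	as->j = (uint8_t)(as->j + si);
	sj = as->s[as->j];
	as->s[as->i] = sj;
	as->s[as->j] = si;
	as->consumed++;
	return as->s[(uint8_t)(si + sj)];
}

static void arc4_skip(struct arc4_stream *as, size_t n) { while (n-- > 0) (void)arc4_getbyte(as); }

/* Rekey, then discard 12*256 bytes plus 0..255 more; the byte choosing that amount is itself dropped. */
static void arc4_stir(struct arc4_stream *as, const uint8_t *seed, size_t seedlen)
{
	arc4_addrandom(as, seed, seedlen);
	arc4_skip(as, 12 * 256 + arc4_getbyte(as));
}

/* Drop 1 or 2 bytes (the decision byte is the first), then read four. */
static uint32_t arc4random_tweaked(struct arc4_stream *as)
{
	uint32_t v = 0; int k;
	if (arc4_getbyte(as) & 1) arc4_skip(as, 1);
	for (k = 0; k < 4; k++) v = (v << 8) | arc4_getbyte(as);
	return v;
}

/* Before each chunk of up to 256 output bytes drop 1..4: the decision byte plus 0..3 more. */
static void arc4random_buf_tweaked(struct arc4_stream *as, void *buf, size_t n)
{
	uint8_t *p = buf; size_t chunk;
	while (n > 0) {
		chunk = n < 256 ? n : 256;
		arc4_skip(as, arc4_getbyte(as) & 3);
		n -= chunk;
		while (chunk-- > 0) *p++ = arc4_getbyte(as);
	}
}

/* Self-check: the drops consume exactly the footnote's ranges and s[] stays a permutation. */
static int arc4_selfcheck(void)
{
	static const uint8_t seed[] = "constructed test seed, not real entropy";
	struct arc4_stream as;
	uint8_t buf[600], seen[256] = {0};
	uint64_t used; int n;
	arc4_init(&as);
	arc4_stir(&as, seed, sizeof seed - 1);
	if (as.consumed < 12 * 256 + 1 || as.consumed > 12 * 256 + 256) return 0;
	used = as.consumed; (void)arc4random_tweaked(&as);
	if (as.consumed - used < 5 || as.consumed - used > 6) return 0;	/* 1 or 2 dropped + 4 read */
	used = as.consumed; arc4random_buf_tweaked(&as, buf, sizeof buf);
	if (as.consumed - used < 603 || as.consumed - used > 612) return 0;	/* 3 chunks, 1..4 each */
	for (n = 0; n < 256; n++)
		if (seen[as.s[n]]++) return 0;
	return 1;
}

int main(void) { return arc4_selfcheck() ? 0 : 1; }
```

The self-check is the part worth keeping when adapting this: after stirring, exactly 12*256+1 to 12*256+256 keystream bytes must have gone by; one arc4random_tweaked() call must account for 5 or 6 bytes; and a 600-byte arc4random_buf_tweaked() call splits into three chunks, each preceded by 1..4 dropped bytes, so 603..612 in total. The permutation check at the end catches a mistyped swap in the key schedule or PRGA.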
