In message <[EMAIL PROTECTED]> Peter Jeremy writes:
: On 2000-Jun-19 12:03:40 +1000, Warner Losh <[EMAIL PROTECTED]> wrote:
: >In message <[EMAIL PROTECTED]> "Jeroen C. van Gelderen" writes:
: >: Pseudo random numbers are so cheap (or they should be) that you
: >: just don't want to try and 'optimize' here. It is much better to
: >: be conservative and use a good PRNG until it *proves* to be very
: >: problematic.
: >
: >I disagree with this strongly. PRNG have proven time and time again
: >to weaken security due to their less than random nature. It is my
: >judgement that going down this path would be very bad, especially when
: >cryptographically strong random number generators exist and are part
: >of the base FreeBSD system. We should just use those...
:
: The PRNG in question is arc4random() - which AFAIK rates as
: "cryptographically strong". I don't believe that mktemp(3) warrants
: the use of /dev/random (or even /dev/urandom).
I think we're in agreement. I had thought I read it as "use
random(3)" for some reason....
Warner
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
