On Sat, 28 Dec 2002, Tim Kientzle wrote:

> Policy Question: is a fast, high-quality
> /dev/random a guaranteed feature starting with 5.0?

Yes.

> Technical Question: is /dev/random sufficient
> for the cryptographic requirements of programs
> like dhclient, bind, etc?

Yes.

> I believe both of these are answered 'yes'.
>
> If so, I'll work up a patch to alter these
> programs to rely solely on /dev/random.
> I suppose that patch should be sent to the ISC
> folks, since those programs are vendor
> imports. (?) (I'm envisioning a
> FAST_GOOD_DEV_RANDOM compile-time switch;
> if set, /dev/random would be the only source
> of entropy used.)
>
> Any pointers/suggestions appreciated,
>
> Tim Kientzle

The only problem is that /dev/urandom and /dev/random might be too slow for direct use wherever random data is needed. However, they are certainly a lot better for seeding an RC4 generator (or something similar) than netstat / ps / etc would be. As such, you may even want to use /dev/urandom under 4.x, although it's nowhere near as good as the /dev/(u)random on 5.x.

Mike "Silby" Silbersack
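The seeding approach described in the reply above (read the kernel device once to key a userland generator, rather than reading it for every random byte), as an added example that is not part of the original message or of the dhclient/bind sources. The names `read_seed`, `rc4_init`, `rc4_byte` and `prng_seed` and the 32-byte seed size are assumptions; RC4 is used only because the message names it, and it is no longer considered a sound generator.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

struct rc4 { unsigned char s[256]; unsigned char i, j; };

/* Hypothetical helper: read exactly len bytes from path; 0 on success, -1 on failure. */
int read_seed(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    size_t got = 0;
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (n <= 0) break;                      /* error or EOF: give up */
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;                 /* a short seed counts as failure */
}

/* Standard RC4: key schedule, then one keystream byte per rc4_byte() call. */
void rc4_init(struct rc4 *r, const unsigned char *key, size_t keylen)
{
    unsigned char j = 0, t;
    for (int i = 0; i < 256; i++) r->s[i] = (unsigned char)i;
    for (int i = 0; i < 256; i++) {
        j = (unsigned char)(j + r->s[i] + key[i % keylen]);
        t = r->s[i]; r->s[i] = r->s[j]; r->s[j] = t;
    }
    r->i = r->j = 0;
}

unsigned char rc4_byte(struct rc4 *r)
{
    unsigned char t;
    r->j = (unsigned char)(r->j + r->s[++r->i]);
    t = r->s[r->i]; r->s[r->i] = r->s[r->j]; r->s[r->j] = t;
    return r->s[(unsigned char)(r->s[r->i] + r->s[r->j])];
}

/* Seed once from the kernel device; fail closed instead of falling back to weak sources. */
int prng_seed(struct rc4 *r, const char *path)
{
    unsigned char seed[32];                     /* assumed seed size */
    if (read_seed(path, seed, sizeof seed) != 0) return -1;
    rc4_init(r, seed, sizeof seed);
    return 0;
}
```

A caller would run `prng_seed(&r, "/dev/urandom")` once at startup and treat a -1 return as fatal, then draw bytes with `rc4_byte(&r)`.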