On Friday 23 August 2013 11:31:06 Vladimir 'φ-coder/phcoder' Serbinenko wrote:
> > There is a warning about random generator not being secure in
> > util/grub-mkpasswd-pbkdf2.c, which may be supressed by adding "&& !
> > defined (__OpenBSD__)" to the defines list.
>
> To do this we need a confirmation that reading from /dev/urandom is
> indeed the right way to access PRNG on OpenBSD and that it gives us
> cryptographically good random.
On OpenBSD, all random pseudo-devices (random, arandom, srandom, urandom)
provide cryptographically good random.
From the random(4) man page:
DESCRIPTION
The various random devices produce high quality random output data.
Entropy data is collected from system activity (like disk, network, and
clock device interrupts and such), and then run through various hash or
message digest functions to generate the output. All the random devices
are expected to provide high quality pseudo-random output data.
The arc4random(3) function in userland libraries seeds itself from this
device (or with the sysctl(3) interface), providing a second level of
ARC4 hashed data without the need to access these devices every time.
--
Ilya
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
