On Mon, Jun 23, 2014 at 07:46:15PM +0000, Taylor R Campbell wrote:
 > instead? (And can a reference to this be stuffed into the man page?)
 >
 > Read from /dev/urandom.

...ugh. Can we provide a wrapper around this for transparent casual use? (Even if it's in libutil and marked not for general consumption?) Having to open-code the logic every time is really not conducive to doing things right, and in most arbitrary programs linking with some crypto lib to start up specific alternative stream ciphers (which will likely go out of date before the next time someone touches the code again) would be entirely inappropriate. There is a reason they came up with and deployed arc4random(), even though hardwiring it by name to a particular cipher was silly.

 > Or it may be worthwhile to mostly keep the way arc4random(3) works but
 > replace the PRNG, as in the first reimplementation of arc4random(3)
 > above, but rename it.

Yes please.

 > With either of the later two cases, perhaps we
 > ought to just co-opt random(3) for the purpose.

No please. (random(3) is not expected to be cryptographically strong, so code that assumes it is becomes unportable in a subtle and dangerous way.)

Also I think there's code out there that saves and restores the random(3) state and expects to get repeatable results.

-- 
David A. Holland
dholl...@netbsd.org