[PATCH v3] Seed random generator in main()
Simo
simo at samba.org
Wed Jun 17 10:11:14 MDT 2015
On Wed, 2015-06-17 at 17:09 +0200, Volker Lendecke wrote:
> On Wed, Jun 17, 2015 at 10:58:37AM -0400, Simo wrote:
> > Well for me it meant "not using our own PRNG", so yeah we can use krb5
> > or openssl or what you have, as long as we use something that is vetted
> > an updated by people that know what they are doing and consider good
> > random number generation as one of their top priorities.
>
> On BSDs I would consider the system arc4random functions in that
> league. At least that's what all the documentation suggests. Please
> correct me if I'm wrong.
Well given that RC4 streams are not considered secure anymore in the
context of TLS connections, I am not sure a PRNG based on RC4 should be.
Of course a PRNG can use other properties and maybe it is secure enough,
I just do not know, so I prefer to use a cryptographic library than
guess on my own.
> On Linux we could always use urandom, right. Other systems might require
> other things.
Ok.
Simo.
--
Simo Sorce
More information about the samba-technical
mailing list