[PATCH v3] Seed random generator in main()

Simo simo at samba.org
Wed Jun 17 10:11:14 MDT 2015


On Wed, 2015-06-17 at 17:09 +0200, Volker Lendecke wrote:
> On Wed, Jun 17, 2015 at 10:58:37AM -0400, Simo wrote:
> > Well for me it meant "not using our own PRNG", so yeah we can use krb5
> > or openssl or what you have, as long as we use something that is vetted
> > an updated by people that know what they are doing and consider good
> > random number generation as one of their top priorities.
> 
> On BSDs I would consider the system arc4random functions in that
> league. At least that's what all the documentation suggests. Please
> correct me if I'm wrong.

Well given that RC4 streams are not considered secure anymore in the
context of TLS connections, I am not sure a PRNG based on RC4 should be.
Of course a PRNG can use other properties and maybe it is secure enough,
I just do not know, so I prefer to use a cryptographic library than
guess on my own.

> On Linux we could always use urandom, right. Other systems might require
> other things.

Ok.

Simo.

-- 
Simo Sorce



More information about the samba-technical mailing list