[PATCH v3] Seed random generator in main()

Andrew Bartlett abartlet at samba.org
Wed Jun 17 16:33:33 MDT 2015


On Thu, 2015-06-18 at 09:28 +1200, Douglas Bagnall wrote:
> hi Simo,
> 
> On 18/06/15 04:11, Simo wrote:
> > > On BSDs I would consider the system arc4random functions in that
> > > league. At least that's what all the documentation suggests. Please
> > > correct me if I'm wrong.
> > 
> > Well given that RC4 streams are not considered secure anymore in the
> > context of TLS connections, I am not sure a PRNG based on RC4 should be.
> 
> Don't be fooled by the name. The arc4random functions use ChaCha20 in
> Open- and Net- BSDs, and I think the other ones are coming round.
> (See e.g. http://bxr.su/NetBSD/lib/libc/gen/arc4random.c or
> https://en.wikipedia.org/wiki/Salsa20#ChaCha20_adoption).

Sadly the libbsd version must have been taken from an older BSD, and
uses RC4 in a way I'm not entirely comfortable with (no hashing of the
data after reading the stream), compared with what we do internally.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team         http://samba.org
Samba Development and Support, Catalyst IT   http://catalyst.net.nz/services/samba







