[issue1924] mmap - add mmap offset randomisation

Robin Carey robin.carey1 at googlemail.com
Thu Nov 25 09:28:04 PST 2010


Hi,
 
Last time I checked karc4random() was an in-kernel ARC4 CSPRNG/random number generator.
 
Maybe since the last time I checked, someone has ripped that out and replaced it with a call to the superior
IBAA/L15 in-kernel CSPRNG/random number generator.
 
I would have to check the sources to find out if that is the case or not; I'll do it after I finish this reply.
 
--
 
To answer your question: ARC4/RC4 is a poor quality CSPRNG/random number generator, i.e. it is
bad in a number of different ways.
 
Whereas, the in-kernel IBAA/L15 CSPRNG random numberr generator is vastly superior in a number of
different ways.
 
That's why it is better to use it, rather than ARC4/RC4 (karc4random()).
 
Hope that answers your question.
On 25 November 2010 16:30, Alex Hornung (via DragonFly issue tracker) <bugs at crater.dragonflybsd.org> wrote:
Alex Hornung <ahornung at gmail.com> added the comment:
Care to explain the reasoning behind that a bit more? Why is karc4random()worse? What are the exact benefit of using the other interface?I thought karc4random also takes advantage of randomness fed in from devices,
etc.Cheers,Alex----------status: unread -> chatting_____________________________________________________DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1924>_____________________________________________________-- 
Sincerely,Robin Carey




More information about the Bugs mailing list