[DragonFlyBSD - Bug #600] /sys/libkern/karc4random

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Mon Jan 19 03:07:10 PST 2015

Issue #600 has been updated by profmakx.

Description updated
Assignee changed from 0 to profmakx

From a recent conversation with alexh on IRC. I'll assign this to myself and have a look.

13:18 <@ profmakx> alexh, you think we should use Chacha for (k)arc4random?
13:36 <@    alexh> well, yes, arc4, but the entropy isn't from arc4
13:36 <@    alexh> :)
13:37 <@    alexh> so just wondering where it gets the entropy form
13:37 <@    alexh> from
13:37 <@ profmakx> the entropy comes from read_random_unlimited
13:37 <@ profmakx> and hence from whatever is set in randmode
13:37 <@    alexh> and that one uses what?
13:37 <@    alexh> hm
13:37 <@    alexh> does it?
13:37 <@    alexh> ok
13:37 <@ profmakx> per default mixed ibaa & csprng
13:38 <@    alexh> hm no
13:38 <@    alexh> seems to use IBAA only
13:38 <@    alexh> afaict
13:38 <@ profmakx> how do you tell?
13:39 <@    alexh> 609((u_char *)buf)[i] = IBAA_Byte();
13:39 <@    alexh> that is,
13:39 <@ profmakx> oh there
13:39 <@ profmakx> urgh
13:39 <@    alexh> that should probably use the csprng, or the usual mix
13:40 <@    alexh> although
13:40 <@    alexh> I think the reason I didn't change it is because urandom uses that
13:41 <@    alexh> for urandom, IBAA only is fine
13:41 <@    alexh> it'd probably be a good idea to split that out
13:41 <@    alexh> make a read_random_unlimited_cheap and read_random_unlimited
13:41 <@ profmakx> right
13:41 <@    alexh> use read_random_unlimited_cheap where proper randomness doesn't matter, e.g. urandom
13:42 <@    alexh> and use read_random_unlimited elsewhere, in the kernel, where it does matter
13:43 <@    alexh> not necessarily everywhere in the kernel
13:43 <@ profmakx> i just read that openbsd/netbsd use chacha for arc4random now
13:43 <@    alexh> just where it's used for some cryptographic purpose
13:43 <@    alexh> I mean, you can tie it in directly into read_random_unlimited
13:43 <@    alexh> and remove the whole arc4random indirection
13:44 <@    alexh> but you'll still have to split out read_random_unlimited{,_cheap}  
13:45 <@ profmakx> ChaCha20 is also used for random number generator arc4random in OpenBSD, NetBSD and Dragonfly BSD operating systems, instead of "broken" RC4
13:45 <@ profmakx> hurr
13:45 <@ profmakx> factually wrong wikipedia articles for teh win
13:46 <@ profmakx> mhm the userspace arc4random does use /dev/random

Bug #600: /sys/libkern/karc4random

* Author: robin_carey5
* Status: New
* Priority: Low
* Assignee: profmakx
* Category: 
* Target version: 
What is the point of keeping/using the in-kernel arc4
random number generator when you already have a very
good/superior IBAA/L15 random number generator.

If you need a u_int32_t quantity then simply add a
function to /sys/kern/kern_nrandom.c to produce a


Some issues with /sys/libkern/karc4random.c :

(a) If you intend to keep /sys/libkern/karc4random.c I
recommend you make a modification to it to improve
performance: Every time the karc4_random() function is
called it calls getmicrotime(), to check the time, and
it also checks the number of runs made, to see if it
should reseed itself. You can make a big performance
improvement by removing this call to getmicrotime()
and instead simply checking the number of runs to
determine when it should reseed itself.

(b) The karc4random.c file uses u_int8_t types for
arc4_i, arc4_j and arc4_t so there is no need for the
% 256 operation - another performance improvement.

(c) In arc4_init() you are throwing away 256*4 bytes
of output, when you only need to throw away the first
256 bytes of output.

R Carey.
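To make the report's three points concrete, here is an added example of an arc4-style generator written the way the report recommends: uint8_t indices so that no `% 256` is needed, a configurable number of discarded keystream bytes, and a reseed decision taken from a run counter instead of a clock read. This is illustrative code, not DragonFly's /sys/libkern/karc4random.c and not the reporter's code; the function names, the struct layout and the 4096-run reseed threshold are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
/* Illustrative arc4 generator in the report's style; example code, not DragonFly's karc4random.c. */
struct arc4_state {
    uint8_t s[256];
    uint8_t i, j;      /* 8-bit indices wrap mod 256 by themselves (point (b)) */
    uint32_t runs;     /* keystream bytes produced since the last (re)seed */
};
#define ARC4_RESEED_RUNS 4096u   /* constructed threshold, for illustration only */

static void arc4_swap(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* Key schedule; no "% 256" needed: j is uint8_t, so the addition wraps on assignment. */
static void arc4_setkey(struct arc4_state *st, const uint8_t *key, size_t klen)
{
    for (int n = 0; n < 256; n++) st->s[n] = (uint8_t)n;
    st->j = 0;
    for (int n = 0; n < 256; n++) {
        st->j += st->s[n] + key[n % klen];
        arc4_swap(&st->s[n], &st->s[st->j]);
    }
    st->i = st->j = 0;
}

static uint8_t arc4_byte(struct arc4_state *st)
{
    st->i++;                      /* 255 + 1 wraps to 0, again no modulo */
    st->j += st->s[st->i];
    arc4_swap(&st->s[st->i], &st->s[st->j]);
    st->runs++;
    return st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
}

/* (Re)seed, then discard the first `drop` keystream bytes (point (c): 256, not 256*4). */
static void arc4_init(struct arc4_state *st, const uint8_t *key, size_t klen, size_t drop)
{
    arc4_setkey(st, key, klen);
    for (size_t n = 0; n < drop; n++) (void)arc4_byte(st);
    st->runs = 0;
}

/* Point (a): reseed decision from the run counter alone, no clock read on the hot path. */
static int arc4_needs_reseed(const struct arc4_state *st) { return st->runs >= ARC4_RESEED_RUNS; }
static uint32_t arc4_random_u32(struct arc4_state *st)
{
    uint32_t r = 0;
    for (int n = 0; n < 4; n++) r = (r << 8) | arc4_byte(st);
    return r;
}
```

With `drop` set to 0 the generator reproduces the standard RC4 keystream for a given key, which is how the uint8_t wrap can be checked against known vectors; the caller is expected to call `arc4_init` with fresh key material from the kernel entropy source whenever `arc4_needs_reseed` returns true.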
