On Fri, Jun 09, 2000 at 10:02:44PM +0200, Mark Murray wrote:
> > > But I repeat myself; are you still intending to use cryptographic security
> > > for one bit? What does that buy you? An attacker will laugh at the waste
> > > of resources that went into a coin-flip :-). Much better is to use something
> > > cheaper like time-of-day XOR 1 << whatever.
> > 
> > Pseudo random numbers are so cheap (or they should be) that you 
> > just don't want to try and 'optimize' here. It is much better to 
> > be conservative and use a good PRNG until it *proves* to be very
> > problematic.
> Why not just XOR the whole lot into the current ${randomnumber}?
> That way, at least the effort of the whole calculation is not wasted
> as much.

Why to XOR true random bits from arc4random() with non-random bits from 
getpid()? It only weakens. Better way is just remove any getpid() code and 
left arc4random() only.

Andrey A. Chernov

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to