On Thu, Sep 13, 2007 at 10:57:57PM +0200, Per olof Ljungmark wrote: > Roland Smith wrote: >> On Thu, Sep 13, 2007 at 05:31:55PM +0100, RW wrote: >>> On Thu, 13 Sep 2007 17:36:30 +0200 >>> Roland Smith <[EMAIL PROTECTED]> wrote: >>> >>>> On Thu, Sep 13, 2007 at 04:56:26PM +0200, Per olof Ljungmark wrote: >>>>> Hi, >>>>> >>>>> Could someone on the list point me to a document that explains the >>>>> functionality of /dev/random in FreeBSD in a little more depth than >>>>> the man page? In other OS's I've looked at random and urandom are >>>>> different, here it's a symlink (talking about RELENG-6 onwards). >>>> FreeBSD uses the yarrow algorithm, as mentioned in random(4). See >>>> http://en.wikipedia.org/wiki/Yarrow_algorithm >>>> http://www.schneier.com/yarrow.html >>> Yarrow is reseeded with interrupt entropy, and is supposedly good >>> enough not to require the amount of entropy to be tracked. >>> So /dev/random need not block, and there's no need for a separate >>> non-blocking device. >> On the website it says that the original yarrow algorithm is no longer >> supported. It seems to have been replaced by the fortuna algorithm. >> I can't see from the source if /usr/src/sys/dev/random/yarrow.* use the >> original yarrow algorithm, or the improved yarrow-160 aka fortuna. The use >> of >> crypto/rijndael/rijndael-api-fst.h and crypto/sha2/sha2.h seem to >> indicate the latter though. > > Should I conclude then that randomness is sufficient and performance is a > non-issue?
Performance isn't an issue, AFAICT. Whether randomness is sufficient depends on what you're using it for. I'd say yes, unless you want to generate one-time pads. There are some test programs that you can download to test for randomness. E.g. http://www.fourmilab.ch/random/ Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
pgp9SahE7s7rm.pgp
Description: PGP signature