Re: using /dev/random
On Thu, 25 Sep 2008 20:33:34 +0100
Kris Kennaway <[EMAIL PROTECTED]> wrote:

> RW wrote:
> > On Tue, 23 Sep 2008 11:52:07 -0400
> > kern.random.sys.seeded is just a flag that gets set to 1 on each
> > reseed. IIRC it's also initialized to 1 so it doesn't actually do
> > anything very useful.
>
> Except tell you that the kernel random number generator has finished
> seeding ;)

Not if it's initialized to 1.

I'm not really sure if this is a bug, or whether the developers simply
gave up on starting the device blocked - rc.d/initrandom would unblock
it anyway. The checks in rc.d/sshd are pointless.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: using /dev/random
RW wrote:
> On Tue, 23 Sep 2008 11:52:07 -0400
> Lowell Gilbert <[EMAIL PROTECTED]> wrote:
>
> > Robert Huff <[EMAIL PROTECTED]> writes:
> >
> > > What is the canonical way to get data from /dev/random?
> > > Specifically: having opened the file, how do I read the stream?
> > > I'm currently using
> > >
> > > union {
> > >     float f;
> > >     char c[4];
> > > } foo;
> > >
> > > foo.f = 0.0;
> > >
> > > fscanf(rand_fp,"%4c",foo.c);
> > >
> > > which doesn't seem to produce anywhere near "random bytes"
> > > as promised by the man page.
> >
> > Have you turned off the "seeded" variable? You'll fall back to a
> > software pseudorandom sequence if you don't.
>
> kern.random.sys.seeded is just a flag that gets set to 1 on each
> reseed. IIRC it's also initialized to 1 so it doesn't actually do
> anything very useful.

Except tell you that the kernel random number generator has finished
seeding ;)

Kris
Re: using /dev/random
On Tue, 23 Sep 2008 11:52:07 -0400
Lowell Gilbert <[EMAIL PROTECTED]> wrote:

> Robert Huff <[EMAIL PROTECTED]> writes:
>
> > What is the canonical way to get data from /dev/random?
> > Specifically: having opened the file, how do I read the stream?
> > I'm currently using
> >
> > union {
> >     float f;
> >     char c[4];
> > } foo;
> >
> > foo.f = 0.0;
> >
> > fscanf(rand_fp,"%4c",foo.c);
> >
> > which doesn't seem to produce anywhere near "random bytes"
> > as promised by the man page.
>
> Have you turned off the "seeded" variable? You'll fall back to a
> software pseudorandom sequence if you don't.

kern.random.sys.seeded is just a flag that gets set to 1 on each
reseed. IIRC it's also initialized to 1 so it doesn't actually do
anything very useful.
Re: using /dev/random
Robert Huff <[EMAIL PROTECTED]> writes:

> What is the canonical way to get data from /dev/random?
> Specifically: having opened the file, how do I read the stream?
> I'm currently using
>
> union {
>     float f;
>     char c[4];
> } foo;
>
> foo.f = 0.0;
>
> fscanf(rand_fp,"%4c",foo.c);
>
> which doesn't seem to produce anywhere near "random bytes" as
> promised by the man page.

Have you turned off the "seeded" variable? You'll fall back to a
software pseudorandom sequence if you don't.

Most computers don't have all that much real random data ("entropy") to
work with, and if you need a lot of random data, you're more or less
forced to use a good pseudorandom generator. "Good" can vary a bit
depending on application, but random(3) is generally more than good
enough for Monte Carlo style simulation purposes. Cryptography is
another story.

I have a hardware random number generator on my server, which helps
with performance in some cases...

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Re: using /dev/random
On Tue, 23 Sep 2008 13:39:35 +0100
RW <[EMAIL PROTECTED]> wrote:

> On Tue, 23 Sep 2008 00:51:02 -0700
> "Ted Mittelstaedt" <[EMAIL PROTECTED]> wrote:
> > If you really want to roll-your-own and not use these functions
> > then you could read blocks from /dev/random and run
> > a Chi-square and Monte Carlo test on each
> > block and discard the ones that don't pass.
> >
> > I've done my experimenting with the ENT program:
> >
> > http://www.fourmilab.ch/random/
>
> I'm sceptical about this, if Rijndael in counter-mode produced output
> that's distinguishable from random numbers over a few thousand bytes
> it would surely never have made it into the AES competition, let
> alone win it.

I tried it myself (the windows binary runs under wine), it looks OK to
me, they look like normal statistical fluctuations. You need to worry
if they are consistently low or high, or if you *never* get extreme
values.

Discarding the blocks that don't "pass" would produce less random
numbers, not better.
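Added example (not part of the thread, and not code from any poster): the point about normal statistical fluctuations can be checked by computing the byte-frequency chi-square for each 3000-byte block, the block size used in the dd command elsewhere in this thread, and counting how many blocks exceed the 5% critical value. The function names and the 293.25 threshold (upper 5% point of chi-square with 255 degrees of freedom) are supplied here.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCK 3000              /* bytes per block, as in the dd command */
#define CHI2_CRIT_5PCT 293.25   /* upper 5% point, 255 degrees of freedom */

/* Pearson chi-square of the byte frequencies in buf against a uniform
 * distribution over 256 values. */
double chi_square_bytes(const unsigned char *buf, size_t len)
{
    size_t count[256] = {0};
    double expected = (double)len / 256.0, chi2 = 0.0;
    for (size_t i = 0; i < len; i++)
        count[buf[i]]++;
    for (int v = 0; v < 256; v++) {
        double d = (double)count[v] - expected;
        chi2 += d * d / expected;
    }
    return chi2;
}

/* Read nblocks blocks from fp and count those whose statistic exceeds
 * critical. Returns -1 if a block cannot be read in full. */
int count_rejected(FILE *fp, int nblocks, double critical)
{
    unsigned char buf[BLOCK];
    int rejected = 0;
    for (int i = 0; i < nblocks; i++) {
        if (fread(buf, 1, BLOCK, fp) != BLOCK)
            return -1;
        if (chi_square_bytes(buf, BLOCK) > critical)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    FILE *fp = fopen("/dev/urandom", "rb");
    if (fp == NULL)
        return 1;
    int rejected = count_rejected(fp, 1000, CHI2_CRIT_5PCT);
    fclose(fp);
    /* A sound generator still "fails" about 5% of blocks at this level. */
    printf("%d of 1000 blocks exceeded the 5%% critical value\n", rejected);
    return rejected < 0;
}
```

Dropping the blocks counted here would cut off the upper tail that uniformly random data is expected to have, which is the objection raised in the message above.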
Re: using /dev/random
On Tue, 23 Sep 2008 00:51:02 -0700
"Ted Mittelstaedt" <[EMAIL PROTECTED]> wrote:

> The canonical way is to use the functions random(), or srandom()
> or srandomdev() or arc4random() depending on what
> you need the random data for. /dev/random is really only
> useful for seeding these functions (some of them pull data
> from /dev/random internally)

It depends what you are trying to achieve, random and srandom aren't
considered to be cryptographically secure. The userland version of
arc4random() (which is RC4) is probably OK, but it's known to be
distinguishable from random, which is technically a break. The kernel
version is much less secure, because it's not guaranteed to be seeded
properly. For non-trivial Monte-Carlo work you're better off with
something intended for the purpose, such as the Mersenne Twister.

> The device has thus been optimized
> for seed generation to feed these other functions.

It wasn't, it was designed to be a fast and secure all-round random
number generator.

> If you really want to roll-your-own and not use these functions
> then you could read blocks from /dev/random and run
> a Chi-square and Monte Carlo test on each
> block and discard the ones that don't pass.
>
> I've done my experimenting with the ENT program:
>
> http://www.fourmilab.ch/random/

I'm sceptical about this, if Rijndael in counter-mode produced output
that's distinguishable from random numbers over a few thousand bytes
it would surely never have made it into the AES competition, let
alone win it.
RE: using /dev/random
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Robert Huff
> Sent: Monday, September 22, 2008 9:54 PM
> To: [EMAIL PROTECTED]
> Subject: using /dev/random
>
> What is the canonical way to get data from /dev/random?
> Specifically: having opened the file, how do I read the stream?
> I'm currently using
>
> union {
>     float f;
>     char c[4];
> } foo;
>
> foo.f = 0.0;
>
> fscanf(rand_fp,"%4c",foo.c);
>
> which doesn't seem to produce anywhere near "random bytes" as
> promised by the man page.
>
> Robert Huff

The canonical way is to use the functions random(), or srandom()
or srandomdev() or arc4random() depending on what
you need the random data for. /dev/random is really only
useful for seeding these functions (some of them pull data
from /dev/random internally).

The thrust behind the FreeBSD /dev/random device is that
we know that getting lots of real random data from /dev/random is
difficult, however getting non-repeating seeds from /dev/random
is easy. The device has thus been optimized
for seed generation to feed these other functions.

If you really want to roll-your-own and not use these functions
then you could read blocks from /dev/random and run
a Chi-square and Monte Carlo test on each
block and discard the ones that don't pass.

I've done my experimenting with the ENT program:

http://www.fourmilab.ch/random/

ie:

    dd if=/dev/urandom bs=3000 count=100 of=random-sample
    ent random-sample

Successive runs of that with different data sets and blocksizes
clearly illustrate the generator can't pass Chi-square quite
a lot of times.

Ted
Re: using /dev/random
> What is the canonical way to get data from /dev/random?
> Specifically: having opened the file, how do I read the stream?
> I'm currently using
>
> union {
>     float f;
>     char c[4];
> } foo;
>
> foo.f = 0.0;
>
> fscanf(rand_fp,"%4c",foo.c);

simply read 4 bytes into foo
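Added example (not part of the thread, and not code from any poster): reading raw bytes from the device in C, with short reads, interrupted reads and end of file handled. It goes one step beyond the reply above: instead of overlaying the four bytes on a float, whose bit patterns include NaNs and infinities, it scales 24 of the random bits into [0, 1). The names read_random_bytes and bytes_to_unit_float are chosen here.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Fill buf with len bytes from the device at path.
 * Returns 0 on success, -1 on failure (buf is then not fully filled). */
int read_random_bytes(const char *path, void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;            /* interrupted by a signal: retry */
        if (n <= 0) {            /* I/O error or unexpected end of file */
            close(fd);
            return -1;
        }
        p += n;                  /* short read: ask for the remainder */
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Scale the first 24 random bits to a float in [0, 1); 24 bits is all a
 * float's significand can hold exactly, so b[3] is left unused. */
float bytes_to_unit_float(const unsigned char b[4])
{
    uint32_t bits = ((uint32_t)b[0] << 16) | ((uint32_t)b[1] << 8) | b[2];
    return (float)bits / 16777216.0f;   /* divide by 2^24 */
}

int main(void)
{
    unsigned char raw[4];
    /* /dev/urandom, as in the dd command quoted in the thread */
    if (read_random_bytes("/dev/urandom", raw, sizeof raw) != 0)
        return 1;
    float f = bytes_to_unit_float(raw);
    printf("%f\n", f);
    return !(f >= 0.0f && f < 1.0f);
}
```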