Re: using /dev/random

2008-09-26 Thread RW
On Thu, 25 Sep 2008 20:33:34 +0100
Kris Kennaway [EMAIL PROTECTED] wrote:

 RW wrote:
  On Tue, 23 Sep 2008 11:52:07 -0400

  kern.random.sys.seeded is just a flag that gets set to 1 on each
  reseed. IIRC it's also initialized to 1 so it doesn't actually do
  anything very useful.
 
 Except tell you that the kernel random number generator has finished 
 seeding ;)

Not if it's initialized to 1. I'm not really sure if this is a bug, or
whether the developers simply gave up on starting the device blocked -
rc.d/initrandom would unblock it anyway. The checks in rc.d/sshd are
pointless.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: using /dev/random

2008-09-25 Thread Kris Kennaway

RW wrote:
 On Tue, 23 Sep 2008 11:52:07 -0400
 Lowell Gilbert [EMAIL PROTECTED] wrote:
 
  Robert Huff [EMAIL PROTECTED] writes:
  
   What is the canonical way to get data from /dev/random?
   Specifically: having opened the file, how do I read the stream?
   I'm currently using
   
     union {
       float f;
       char c[4];
     } foo;
   
     foo.f = 0.0;
   
     fscanf(rand_fp,"%4c",foo.c);
   
   which doesn't seem to produce anywhere near random bytes
   as promised by the man page.
  
  Have you turned off the seeded variable?  You'll fall back to a
  software pseudorandom sequence if you don't.
 
 kern.random.sys.seeded is just a flag that gets set to 1 on each
 reseed. IIRC it's also initialized to 1 so it doesn't actually do
 anything very useful.

Except tell you that the kernel random number generator has finished 
seeding ;)

Kris


Re: using /dev/random

2008-09-23 Thread Wojciech Puchar


What is the canonical way to get data from /dev/random?
Specifically: having opened the file, how do I read the stream?
I'm currently using


 union {
   float f;
   char c[4];
 } foo;

 foo.f = 0.0;

 fscanf(rand_fp,"%4c",foo.c);


simply read 4 bytes into foo
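
Reading four bytes as suggested above, as an added example that is not part of the original thread. read_full() and bytes_to_unit_float() are hypothetical helper names, and scaling the result to [0,1) is an assumption about what the float is wanted for.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Read exactly n bytes from fd, retrying on EINTR and short reads.
 * Returns 0 on success, -1 on error or premature EOF. */
int read_full(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (r == 0)
            return -1;            /* EOF before n bytes arrived */
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/* Map 4 raw bytes to a float in [0,1). Reinterpreting the bytes as an
 * IEEE-754 float (the union in the question) yields NaNs, infinities and
 * values spread evenly over exponents rather than over a range; keeping
 * the top 24 bits and scaling gives 2^24 equally spaced values instead. */
float bytes_to_unit_float(const unsigned char b[4])
{
    uint32_t v = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
                 ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return (float)(v >> 8) / 16777216.0f;   /* 16777216 = 2^24 */
}

int main(void)
{
    unsigned char raw[4];
    int fd = open("/dev/random", O_RDONLY);
    if (fd < 0 || read_full(fd, raw, sizeof raw) != 0) {
        perror("/dev/random");
        return 1;
    }
    close(fd);
    printf("%f\n", bytes_to_unit_float(raw));
    return 0;
}
```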


RE: using /dev/random

2008-09-23 Thread Ted Mittelstaedt


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Robert Huff
 Sent: Monday, September 22, 2008 9:54 PM
 To: [EMAIL PROTECTED]
 Subject: using /dev/random
 
 
 
   What is the canonical way to get data from /dev/random?
 Specifically: having opened the file, how do I read the stream?
 I'm currently using
 
 
   union {
     float f;
     char c[4];
   } foo;
 
   foo.f = 0.0;
 
   fscanf(rand_fp,"%4c",foo.c);
 
 
   which doesn't seem to produce anywhere near random bytes as
 promised by the man page.
 
 
   Robert Huff
 

The canonical way is to use the functions random(), or srandom()
or srandomdev() or arc4random() depending on what
you need the random data for.   /dev/random is really only
useful for seeding these functions (some of them pull data
from /dev/random internally)

The thrust behind the FreeBSD /dev/random device is that
we know that getting lots of real random data from /dev/random is
difficult, however getting non-repeating seeds from
/dev/random is easy.  The device has thus been optimized
for seed generation to feed these other functions.

If you really want to roll-your-own and not use these functions
then you could read blocks from /dev/random and run
a Chi-square and Monte Carlo test on each
block and discard the ones that don't pass.

I've done my experimenting with the ENT program:

http://www.fourmilab.ch/random/

i.e.:

dd if=/dev/urandom bs=3000 count=100 of=random-sample

ent random-sample

Successive runs of that with different data sets and blocksizes
clearly illustrate the generator can't pass Chi-square quite
a lot of times.

Ted


Re: using /dev/random

2008-09-23 Thread RW
On Tue, 23 Sep 2008 00:51:02 -0700
Ted Mittelstaedt [EMAIL PROTECTED] wrote:


 The canonical way is to use the functions random(), or srandom()
 or srandomdev() or arc4random() depending on what
 you need the random data for.   /dev/random is really only
 useful for seeding these functions (some of them pull data
 from /dev/random internally)

It depends what you are trying to achieve, random and srandom aren't 
considered to be cryptographically secure. The userland version of
arc4random()  (which is RC4) is probably OK, but  it's known to be
distinguishable from random, which is technically a break.  The kernel
version is much less secure, because it's not guaranteed to be seeded
properly.

For non-trivial Monte-Carlo work you're better off with something
intended for the purpose, such as the Mersenne Twister.

   The device has thus been optimized
 for seed generation to feed these other functions.

It wasn't, it was designed to be a fast and secure all-round random
number generator.
 
 If you really want to roll-your-own and not use these functions
 then you could read blocks from /dev/random and run
 a Chi-square and Monte Carlo test on each
 block and discard the ones that don't pass.
 
 I've done my experimenting with the ENT program:
 
 http://www.fourmilab.ch/random/

I'm sceptical about this, if Rijndael in counter-mode produced output
that's distinguishable from random numbers over a few thousand bytes it
would surely never have made it into the AES competition, let alone win
it. 



Re: using /dev/random

2008-09-23 Thread RW
On Tue, 23 Sep 2008 13:39:35 +0100
RW [EMAIL PROTECTED] wrote:

 On Tue, 23 Sep 2008 00:51:02 -0700
 Ted Mittelstaedt [EMAIL PROTECTED] wrote:
 
  If you really want to roll-your-own and not use these functions
  then you could read blocks from /dev/random and run
  a Chi-square and Monte Carlo test on each
  block and discard the ones that don't pass.
  
  I've done my experimenting with the ENT program:
  
  http://www.fourmilab.ch/random/
 
 I'm sceptical about this, if Rijndael in counter-mode produced output
 that's distinguishable from random numbers over a few thousand bytes
 it would surely never have made it into the AES competition, let
 alone win it. 

I tried it myself (the Windows binary runs under Wine), it looks OK to
me, they look like normal statistical fluctuations. You need to worry
if they are consistently low or high, or if you *never* get extreme
values. 

Discarding the blocks that don't pass would produce less random
numbers, not better.
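
The per-block chi-square test discussed above, as an added example that is not part of the original thread. The splitmix64 stand-in source, its seed and the function names are assumptions of this example; 219.03 and 293.25 are the 5th and 95th percentiles of chi-square with 255 degrees of freedom.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK  3000     /* block size from the dd command in the thread */
#define CHI_LO 219.03   /* 5th percentile of chi-square, 255 d.f. */
#define CHI_HI 293.25   /* 95th percentile of chi-square, 255 d.f. */

/* Pearson chi-square of a byte block against uniform over 256 values. */
double chi_square_bytes(const unsigned char *buf, size_t n)
{
    size_t count[256] = {0};
    double expected = (double)n / 256.0, chi = 0.0;
    for (size_t i = 0; i < n; i++)
        count[buf[i]]++;
    for (int v = 0; v < 256; v++) {
        double d = (double)count[v] - expected;
        chi += d * d / expected;
    }
    return chi;
}

/* Stand-in source (splitmix64, an assumption of this example) so runs
 * are repeatable; feed bytes read from the device to test it instead. */
static uint64_t sm_state = 2008;
static unsigned char next_byte(void)
{
    uint64_t z = (sm_state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return (unsigned char)((z ^ (z >> 31)) >> 56);
}

/* Count blocks whose statistic falls outside the central 90% band. */
int count_outside(int blocks)
{
    unsigned char buf[BLOCK];
    int outside = 0;
    for (int b = 0; b < blocks; b++) {
        for (size_t i = 0; i < BLOCK; i++)
            buf[i] = next_byte();
        double chi = chi_square_bytes(buf, BLOCK);
        outside += (chi < CHI_LO || chi > CHI_HI);
    }
    return outside;
}

int main(void)
{
    printf("%d of 1000 blocks outside the band\n", count_outside(1000));
}
```

A sound source puts roughly one block in ten outside this band, so a filter that discards those blocks removes exactly the excursions a random stream is expected to contain. A block with perfectly even byte counts scores 0, far below the lower bound, although it is plainly not random.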


Re: using /dev/random

2008-09-23 Thread Lowell Gilbert
Robert Huff [EMAIL PROTECTED] writes:

   What is the canonical way to get data from /dev/random?
 Specifically: having opened the file, how do I read the stream?
 I'm currently using


   union {
     float f;
     char c[4];
   } foo;

   foo.f = 0.0;

   fscanf(rand_fp,"%4c",foo.c);


   which doesn't seem to produce anywhere near random bytes as
 promised by the man page.

Have you turned off the seeded variable?  You'll fall back to a
software pseudorandom sequence if you don't.

Most computers don't have all that much real random data (entropy) to
work with, and if you need a lot of random data, you're more or less
forced to use a good pseudorandom generator.  Good can vary a bit
depending on application, but random(3) is generally more than good
enough for Monte Carlo style simulation purposes.

Cryptography is another story.  I have a hardware random number
generator on my server, which helps with performance in some cases...


-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/


Re: using /dev/random

2008-09-23 Thread RW
On Tue, 23 Sep 2008 11:52:07 -0400
Lowell Gilbert [EMAIL PROTECTED] wrote:

 Robert Huff [EMAIL PROTECTED] writes:
 
  What is the canonical way to get data from /dev/random?
  Specifically: having opened the file, how do I read the stream?
  I'm currently using
 
 
    union {
      float f;
      char c[4];
    } foo;
  
    foo.f = 0.0;
  
    fscanf(rand_fp,"%4c",foo.c);
 
 
  which doesn't seem to produce anywhere near random bytes
  as promised by the man page.
 
 Have you turned off the seeded variable?  You'll fall back to a
 software pseudorandom sequence if you don't.

kern.random.sys.seeded is just a flag that gets set to 1 on each
reseed. IIRC it's also initialized to 1 so it doesn't actually do
anything very useful.





using /dev/random

2008-09-22 Thread Robert Huff

What is the canonical way to get data from /dev/random?
Specifically: having opened the file, how do I read the stream?
I'm currently using


  union {
    float f;
    char c[4];
  } foo;

  foo.f = 0.0;

  fscanf(rand_fp,"%4c",foo.c);


which doesn't seem to produce anywhere near random bytes as
promised by the man page.


Robert Huff
