Alexey E. Suslikov <alexey.suslikov <at> gmail.com> writes: > > hi tech <at> . > > Security Improvements section needs love. > > I have found these: > > * rand(3)/random(3) -> arc4random*() conversion > * new secure identd implementation (not started by default) > * security(8) now checks npppd(8) configuration files
* more random(4) randomness from dmesg, disklabel checksum and manufacturer-supplied bios serial/uuid; * Added AES-XTS support to aesni crypto(4) driver on amd64. Allows softraid(4) to benefit from the AES-NI instructions on newer Intel CPUs * Switched the malloc(3) and pool freelists to using xor simpleq. Adds a tiny bit more protection from list manipulation.
