Re: genrand_unix problem on Solaris

Hi,

Thanks for the response, and sorry for being stupid, I didn't
realize what this is used for.

Owen Taylor wrote:

> The point of genrand() is to produce an unpredictable key.
>
> genrand_dev() does this in a very carefully controlled way by
> using /dev/random, if the kernel provides that.
>
> genrand_unix() is a poor substitute that uses the theory
> of "do lots of stuff in a crazy fashion and maybe it
> will be random".
>
> I don't believe your genrand_lrand48() is unpredictable
> at all - pseudo-random generators like that used by
> random() and srand48() are 100% predictable as long as
> the seed is known.

[...]

> You might want to ask around, or take a look at security
> related packages. The operation of generating an unpredictable
> key is essential to many security-related tasks.

OK, I did look around.
I found that OpenSSL has a RAND_bytes function that
     "puts num cryptographically strong pseudo-random
     bytes into buf. An error occurs if the PRNG has not been
     seeded with enough randomness to ensure an unpredictable
     byte sequence."

It seems to me that the purpose of that is the same as the purpose
of genrand.
So how about an implementation using RAND_bytes on the condition
that the system has OpenSSL installed?

Thanks,

Laca
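Laca's proposal, worked through as an added example that is not code from this thread or from the project: a genrand() that uses OpenSSL's RAND_bytes when built with a hypothetical HAVE_OPENSSL define, falls back to the kernel's /dev/random otherwise, and reports failure rather than silently degrading to lrand48(). The second function demonstrates Owen's point that a seeded lrand48() stream is fully reproducible.

```c
#define _XOPEN_SOURCE 700   /* for srand48()/lrand48() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_OPENSSL         /* hypothetical build flag: -DHAVE_OPENSSL -lcrypto */
#include <openssl/rand.h>
#endif

/* Fill buf with n unpredictable bytes. Returns 1 on success, 0 on failure.
 * Preference: OpenSSL RAND_bytes (if built with HAVE_OPENSSL), then /dev/random.
 * There is deliberately no lrand48() fallback: a failure is reported instead
 * of handing back predictable bytes as if they were key material. */
int genrand(unsigned char *buf, size_t n)
{
#ifdef HAVE_OPENSSL
    /* RAND_bytes returns 1 on success; it fails if the PRNG lacks enough seeding. */
    if (RAND_status() == 1 && RAND_bytes(buf, (int)n) == 1)
        return 1;
#endif
    FILE *f = fopen("/dev/random", "rb");
    if (f == NULL)
        return 0;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n;
}

/* The predictable generator from the thread: seeded with a known value,
 * srand48()/lrand48() yield exactly the same byte sequence every time. */
void genrand_lrand48_predictable(unsigned char *buf, size_t n, long seed)
{
    srand48(seed);
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)(lrand48() & 0xff);
}

/* Returns 1 if two runs with seeds s1 and s2 produce identical bytes. */
int seeded_runs_match(long s1, long s2)
{
    unsigned char a[16], b[16];
    genrand_lrand48_predictable(a, sizeof a, s1);
    genrand_lrand48_predictable(b, sizeof b, s2);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    unsigned char key[16];
    if (!genrand(key, sizeof key)) { fprintf(stderr, "genrand: no entropy source\n"); return 1; }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    printf("\nsame seed reproduces lrand48 stream: %d\n", seeded_runs_match(42, 42));
    return 0;
}
```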