On Fri, 18 Jul 2014 21:06:31 +0100 Steven Chamberlain wrote:
> *If* getpid involves a syscall on every arc4random_buf call, that is
> already going to limit its performance? Would it really be any slower
> to just return random bytes from the kernel, with the KERN_ARND sysctl?

I think KERN_ARND uses the kernel version of arc4random rather than Yarrow - unless something changed.

> The overhead of currently having to initially and periodically seed RC4,
> discard the early keystream, and apply that cipher thereafter, would be
> gone. The risk of the problem described above, or of weaknesses in RC4,
> or implementation issues with arc4random's PRNG seeding are also gone.

The RANDOM kernel module may not be present, particularly in a stripped-down embedded kernel. In that case Yarrow isn't present in the kernel, and kernel arc4random isn't securely seeded. An application may then securely seed userland arc4random via arc4random_addrandom(). Supporting that requires at least the possibility to fall back to a userland PRNG.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"