> On Sat, 19 Jul 2014, Mateusz Guzik wrote: >> I believe the idea here is to have reliable source for reseeding after >> fork. That is one issue, for which getrandom(2) may be an improvement, but I mentioned other problems. On 19/07/14 22:07, Benjamin Kaduk wrote: > I don't think that's quite right; there are issues in reliably detecting > that fork has occurred and a reseed performed. > Always getting random bits from the kernel avoids the need to detect fork. Precisely. A syscall may be fast enough (uniquely on FreeBSD) to provide arc4random_buf output, and perhaps be already as fast as doing getpid on each call and running a stream cipher in userland. RW mentioned kernels without RANDOM, being an awkward situation for which it seems necessary to fall back to the PRNG in userland. Regards, -- Steven Chamberlain steven@pyro.eu.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"