Last time I checked karc4random() was an in-kernel ARC4 CSPRNG/random number generator.
Maybe since the last time I checked, someone has ripped that out and replaced it with a call to the superior
IBAA/L15 in-kernel CSPRNG/random number generator.
I would have to check the sources to find out if that is the case or not; I'll do it after I finish this reply.
To answer your question: ARC4/RC4 is a poor quality CSPRNG/random number generator, i.e. it is
bad in a number of different ways.
Whereas, the in-kernel IBAA/L15 CSPRNG random numberr generator is vastly superior in a number of
different ways.
That's why it is better to use it, rather than ARC4/RC4 (karc4random()).
Hope that answers your question.

On 25 November 2010 16:30, Alex Hornung (via DragonFly issue tracker) <bugs@crater.dragonflybsd.org> wrote:

Alex Hornung <ahornung@gmail.com> added the comment:

Care to explain the reasoning behind that a bit more? Why is karc4random()
worse? What are the exact benefit of using the other interface?

I thought karc4random also takes advantage of randomness fed in from devices,


status: unread -> chatting

DragonFly issue tracker <bugs@lists.dragonflybsd.org>

Robin Carey