Bug #600
open/sys/libkern/karc4random
Description
What is the point of keeping/using the in-kernel arc4
random number generator when you already have a very
good/superior IBAA/L15 random number generator.
If you need a u_int32_t quantity then simply add a
function to /sys/kern/kern_nrandom.c to produce a
u_int32_t.
--
Some issues with /sys/libkern/karc4random.c :
(a) If you intend to keep /sys/libkern/karc4random.c I
recommend you make a modification to it to improve
performance: Every time the karc4_random() function is
called it calls getmicrotime(), to check the time, and
it also checks the number of runs made, to see if it
should reseed itself. You can make a big performance
improvement by removing this call to getmicrotime()
and instead simply checking the number of runs to
determine when it should reseed itself.
(b) The karc4random.c file uses u_int8_t types for
arc4_i, arc4_j and arc4_t so there is no need for the
% 256 operation - another performance improvement.
(c) In arc4_init() you are throwing away 256*4 bytes
of output, when you only need to throw away the first
256 bytes of output.
Sincerely,
R Carey.
___________________________________________________
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/
Updated by dillon over 17 years ago
:What is the point of keeping/using the in-kernel arc4
:random number generator when you already have a very
:good/superior IBAA/L15 random number generator.
:
:If you need a u_int32_t quantity then simply add a
:function to /sys/kern/kern_nrandom.c to produce a
:u_int32_t.
There are numerous references still around, many of which can
probably be switched to the new in-kernel ABI trivially and
some of which probably need a bit of review first. It is not
on my priority list but if someone wants to start submitting
tested patches I am certainly happy to commit them!
-Matt
Updated by alexh almost 15 years ago
Why can't all the references to karc4rand/karc4random just be switched over to
use kern_nrandom family?
Cheers,
Alex Hornung
Updated by profmakx almost 10 years ago
- Description updated (diff)
- Assignee changed from 0 to profmakx
From a recent conversation with alexh on IRC. I'll assign this to myself and have a look.
13:18 < profmakx> alexh, you think we should use Chacha for (k)arc4random?
alexh> well, yes, arc4, but the entropy isn't from arc4
13:36 <
13:36 < alexh> :)
alexh> so just wondering where it gets the entropy form
13:37 <
13:37 < alexh> from
profmakx> the entropy comes from read_random_unlimited
13:37 <
13:37 < profmakx> and hence from whatever is siet in randmode
alexh> and that one uses what?
13:37 <
13:37 < alexh> hm
alexh> does it?
13:37 <
13:37 < alexh> ok
profmakx> per default mixed ibaa & csprng
13:37 <
13:38 < alexh> hm no
alexh> seems to use IBAA only
13:38 <
13:38 < alexh> afaict
profmakx> how do you tell?
13:38 <
13:39 < alexh> 609((u_char *)buf)[i] = IBAA_Byte();
alexh> that is,
13:39 <
13:39 < profmakx> oh there
profmakx> urgh
13:39 <
13:39 < alexh> that should probably use the csprng, or the usual mix
alexh> although
13:40 <
13:40 < alexh> I think the reason I didn't change it is because urandom uses that
alexh> for urandom, IBAA only is fine
13:41 <
13:41 < alexh> it'd probably be a good idea to split that out
alexh> make a read_random_unlimited_cheap and read_random_unlimited
13:41 <
13:41 < profmakx> right
alexh> use read_random_unlimited_cheap where proper randomness doesn't matter, e.g. urandom
13:41 <
13:42 < alexh> and use read_random_unlimited elsewhere, in the kernel, where it does matter
alexh> not necessarily everywhere in the kernel
13:43 <
13:43 < profmakx> i just read that openbsd/netbsd use chacha for arc4random now
alexh> just where it's used for some cryptographic purpose
13:43 <
13:43 < alexh> I mean, you can use tie it in directly into read_random_unlimited
alexh> and remove the whole arc4random indirection
13:43 <
13:44 < alexh> but you'll still have to split out read_random_unlimited{,_cheap}
profmakx> ChaCha20 is also used for random number generator arc4random in OpenBSD, NetBSD and Dragonfly BSD operating systems, instead of "broken" RC4
13:45 <
13:45 < profmakx> hurr
profmakx> factually wrong wikipedia articles for teh win
13:45 <
13:46 <@ profmakx> mhm the userspace arc4random does use /dev/random