Project

General

Profile

Actions

Bug #600

open

/sys/libkern/karc4random

Added by robin_carey5 almost 17 years ago. Updated about 9 years ago.

Status:
New
Priority:
Low
Assignee:
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

What is the point of keeping/using the in-kernel arc4
random number generator when you already have a very
good/superior IBAA/L15 random number generator.

If you need a u_int32_t quantity then simply add a
function to /sys/kern/kern_nrandom.c to produce a
u_int32_t.

--

Some issues with /sys/libkern/karc4random.c :

(a) If you intend to keep /sys/libkern/karc4random.c I
recommend you make a modification to it to improve
performance: Every time the karc4_random() function is
called it calls getmicrotime(), to check the time, and
it also checks the number of runs made, to see if it
should reseed itself. You can make a big performance
improvement by removing this call to getmicrotime()
and instead simply checking the number of runs to
determine when it should reseed itself.

(b) The karc4random.c file uses u_int8_t types for
arc4_i, arc4_j and arc4_t so there is no need for the
% 256 operation - another performance improvement.

(c) In arc4_init() you are throwing away 256*4 bytes
of output, when you only need to throw away the first
256 bytes of output.

Sincerely,
R Carey.

___________________________________________________
Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
now.
http://uk.answers.yahoo.com/
Actions #1

Updated by dillon almost 17 years ago

:What is the point of keeping/using the in-kernel arc4
:random number generator when you already have a very
:good/superior IBAA/L15 random number generator.
:
:If you need a u_int32_t quantity then simply add a
:function to /sys/kern/kern_nrandom.c to produce a
:u_int32_t.

There are numerous references still around, many of which can
probably be switched to the new in-kernel ABI trivially and
some of which probably need a bit of review first. It is not
on my priority list but if someone wants to start submitting
tested patches I am certainly happy to commit them!
-Matt
Actions #2

Updated by alexh over 14 years ago

Why can't all the references to karc4rand/karc4random just be switched over to
use kern_nrandom family?

Cheers,
Alex Hornung

Actions #3

Updated by profmakx about 9 years ago

  • Description updated (diff)
  • Assignee changed from 0 to profmakx

From a recent conversation with alexh on IRC. I'll assign this to myself and have a look.

13:18 < profmakx> alexh, you think we should use Chacha for (k)arc4random?
13:36 <
alexh> well, yes, arc4, but the entropy isn't from arc4
13:36 < alexh> :)
13:37 <
alexh> so just wondering where it gets the entropy form
13:37 < alexh> from
13:37 <
profmakx> the entropy comes from read_random_unlimited
13:37 < profmakx> and hence from whatever is siet in randmode
13:37 <
alexh> and that one uses what?
13:37 < alexh> hm
13:37 <
alexh> does it?
13:37 < alexh> ok
13:37 <
profmakx> per default mixed ibaa & csprng
13:38 < alexh> hm no
13:38 <
alexh> seems to use IBAA only
13:38 < alexh> afaict
13:38 <
profmakx> how do you tell?
13:39 < alexh> 609((u_char *)buf)[i] = IBAA_Byte();
13:39 <
alexh> that is,
13:39 < profmakx> oh there
13:39 <
profmakx> urgh
13:39 < alexh> that should probably use the csprng, or the usual mix
13:40 <
alexh> although
13:40 < alexh> I think the reason I didn't change it is because urandom uses that
13:41 <
alexh> for urandom, IBAA only is fine
13:41 < alexh> it'd probably be a good idea to split that out
13:41 <
alexh> make a read_random_unlimited_cheap and read_random_unlimited
13:41 < profmakx> right
13:41 <
alexh> use read_random_unlimited_cheap where proper randomness doesn't matter, e.g. urandom
13:42 < alexh> and use read_random_unlimited elsewhere, in the kernel, where it does matter
13:43 <
alexh> not necessarily everywhere in the kernel
13:43 < profmakx> i just read that openbsd/netbsd use chacha for arc4random now
13:43 <
alexh> just where it's used for some cryptographic purpose
13:43 < alexh> I mean, you can use tie it in directly into read_random_unlimited
13:43 <
alexh> and remove the whole arc4random indirection
13:44 < alexh> but you'll still have to split out read_random_unlimited{,_cheap}
13:45 <
profmakx> ChaCha20 is also used for random number generator arc4random in OpenBSD, NetBSD and Dragonfly BSD operating systems, instead of "broken" RC4
13:45 < profmakx> hurr
13:45 <
profmakx> factually wrong wikipedia articles for teh win
13:46 <@ profmakx> mhm the userspace arc4random does use /dev/random

Actions

Also available in: Atom PDF