Bug #600


Added by robin_carey5 over 8 years ago. Updated 9 months ago.

Status:NewStart date:
Priority:LowDue date:
Assignee:profmakx% Done:


Target version:-


What is the point of keeping/using the in-kernel arc4
random number generator when you already have a very
good/superior IBAA/L15 random number generator.

If you need a u_int32_t quantity then simply add a
function to /sys/kern/kern_nrandom.c to produce a


Some issues with /sys/libkern/karc4random.c :

(a) If you intend to keep /sys/libkern/karc4random.c I
recommend you make a modification to it to improve
performance: Every time the karc4_random() function is
called it calls getmicrotime(), to check the time, and
it also checks the number of runs made, to see if it
should reseed itself. You can make a big performance
improvement by removing this call to getmicrotime()
and instead simply checking the number of runs to
determine when it should reseed itself.

(b) The karc4random.c file uses u_int8_t types for
arc4_i, arc4_j and arc4_t so there is no need for the
% 256 operation - another performance improvement.

(c) In arc4_init() you are throwing away 256*4 bytes
of output, when you only need to throw away the first
256 bytes of output.

R Carey.

Yahoo! Answers - Got a question? Someone out there knows the answer. Try it


#1 Updated by dillon over 8 years ago

:What is the point of keeping/using the in-kernel arc4
:random number generator when you already have a very
:good/superior IBAA/L15 random number generator.
:If you need a u_int32_t quantity then simply add a
:function to /sys/kern/kern_nrandom.c to produce a

There are numerous references still around, many of which can
probably be switched to the new in-kernel ABI trivially and
some of which probably need a bit of review first. It is not
on my priority list but if someone wants to start submitting
tested patches I am certainly happy to commit them!


#2 Updated by alexh almost 6 years ago

Why can't all the references to karc4rand/karc4random just be switched over to
use kern_nrandom family?

Alex Hornung

#3 Updated by profmakx 9 months ago

  • Description updated (diff)
  • Assignee changed from 0 to profmakx

From a recent conversation with alexh on IRC. I'll assign this to myself and have a look.

13:18 <@ profmakx> alexh, you think we should use Chacha for (k)arc4random?
13:36 <@ alexh> well, yes, arc4, but the entropy isn't from arc4
13:36 <@ alexh> :)
13:37 <@ alexh> so just wondering where it gets the entropy form
13:37 <@ alexh> from
13:37 <@ profmakx> the entropy comes from read_random_unlimited
13:37 <@ profmakx> and hence from whatever is siet in randmode
13:37 <@ alexh> and that one uses what?
13:37 <@ alexh> hm
13:37 <@ alexh> does it?
13:37 <@ alexh> ok
13:37 <@ profmakx> per default mixed ibaa & csprng
13:38 <@ alexh> hm no
13:38 <@ alexh> seems to use IBAA only
13:38 <@ alexh> afaict
13:38 <@ profmakx> how do you tell?
13:39 <@ alexh> 609((u_char *)buf)[i] = IBAA_Byte();
13:39 <@ alexh> that is,
13:39 <@ profmakx> oh there
13:39 <@ profmakx> urgh
13:39 <@ alexh> that should probably use the csprng, or the usual mix
13:40 <@ alexh> although
13:40 <@ alexh> I think the reason I didn't change it is because urandom uses that
13:41 <@ alexh> for urandom, IBAA only is fine
13:41 <@ alexh> it'd probably be a good idea to split that out
13:41 <@ alexh> make a read_random_unlimited_cheap and read_random_unlimited
13:41 <@ profmakx> right
13:41 <@ alexh> use read_random_unlimited_cheap where proper randomness doesn't matter, e.g. urandom
13:42 <@ alexh> and use read_random_unlimited elsewhere, in the kernel, where it does matter
13:43 <@ alexh> not necessarily everywhere in the kernel
13:43 <@ profmakx> i just read that openbsd/netbsd use chacha for arc4random now
13:43 <@ alexh> just where it's used for some cryptographic purpose
13:43 <@ alexh> I mean, you can use tie it in directly into read_random_unlimited
13:43 <@ alexh> and remove the whole arc4random indirection
13:44 <@ alexh> but you'll still have to split out read_random_unlimited{,_cheap}
13:45 <@ profmakx> ChaCha20 is also used for random number generator arc4random in OpenBSD, NetBSD and Dragonfly BSD operating systems, instead of "broken" RC4
13:45 <@ profmakx> hurr
13:45 <@ profmakx> factually wrong wikipedia articles for teh win
13:46 <@ profmakx> mhm the userspace arc4random does use /dev/random

Also available in: Atom PDF