On Fri, Jun 09, 2000 at 10:02:44PM +0200, Mark Murray wrote:
> > > But I repeat myself; are you still intending to use cryptographic security
> > > for one bit? What does that buy you? An attacker will laugh at the waste
> > > of resources that went into a coin-flip :-). Much better is to use something
> > > cheaper like time-of-day XOR 1 << whatever.
> >
> > Pseudo random numbers are so cheap (or they should be) that you
> > just don't want to try and 'optimize' here. It is much better to
> > be conservative and use a good PRNG until it *proves* to be very
> > problematic.
>
> Why not just XOR the whole lot into the current ${randomnumber}?
> That way, at least the effort of the whole calculation is not wasted
> as much.
Why to XOR true random bits from arc4random() with non-random bits from
getpid()? It only weakens. Better way is just remove any getpid() code and
left arc4random() only.
--
Andrey A. Chernov
<[EMAIL PROTECTED]>
http://ache.pp.ru/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
