> How do OpenBSD do it?
They use arc4random(), to add a random increment.
> Just curious whether you have a reference for doing this or
> whether it was
> an ad-hoc change. Playing with cryptographic algorithms isn't
> usually a
> good idea unless you're sure, as I'm sure you know.
Yup - dead right. The requirements in this instance are however
also slightly different to what you normally use a cryptographic
hash for. I want to let the code be picked at a bit before
it goes into the tree though.
>
> I'd expect Yarrow to be (perhaps quite a bit) slower than our existing
> PRNG - it's a more conservative design and uses primitives
> like SHA-1 (for
> yarrow-160). I don't know how much of an impact this would be for
> network performance.
If it is only used to generate a secret every 5 minutes, that should not
be a problem.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
