On Wed, Jul 04, 2012 at 07:51:25PM +0000, Pawel Jakub Dawidek wrote:
> Author: pjd
> Date: Wed Jul 4 19:51:25 2012
> New Revision: 238118
> URL: http://svn.freebsd.org/changeset/base/238118
>
> Log:
>   Prefer sysctl to open/read/close for obtaining random data.
>   This method is more sandbox-friendly and also should be faster as only
>   one syscall is needed instead of three.
>   In case of an error fall back to the old method.
>
>   Reviewed by: simon, gleb
>   MFC after: 2 weeks

IMO it is weird and against the purpose of sysctl that the kern.arand sysctl exists at all. I would prefer not to spread its usage more. We have to keep it to preserve ABI compatibility, but I do not think that the location for the random data provider is right, not to mention the higher overhead of the sysctl machinery.
I do think that /dev/random is the right approach, or (less preferable) you could consider adding a syscall to get randomness.