2010/12/22 Theo de Raadt <dera...@cvs.openbsd.org>: > Go ahead, do a FIPS check on it. You will be doing a FIPS check on > 4096 bytes here, then a gap of unknown length, then 4096 bytes here, > then a gap of unknown length, then 4096 bytes here, then a gap of > unknown length, ....
that's true, if one uses just /dev/arandom (as other consumers will call arc4random() in the "background" as well). However if one changes the code of arc4random() and arc4random_buf() to emit all generated random values, we will get the whole sequence, from the very first byte, no matter what "consumer" requestes data. Reading from /dev/arandom will then generate the required amount of random values for the statistic tests, while we can still record all values. I'll see if I'll be able to do that, just for the sake of learning something about the internals of openbsd. Do you have a hint, how I could emit the random values from arc4random in a "clever" way? I thought of using an internal buffer and accessing that through sysctl or another device, e.g. /dev/randstream. The later looks more complicated, but will certainly teach me more about openbsd internals. Regards Kurt Knochner http://knochner.com/
