"Andrey A. Chernov" wrote:
>
> On Fri, Jun 09, 2000 at 10:02:44PM +0200, Mark Murray wrote:
> > > > But I repeat myself; are you still intending to use cryptographic security
> > > > for one bit? What does that buy you? An attacker will laugh at the waste
> > > > of resources that went into a coin-flip :-). Much better is to use something
> > > > cheaper like time-of-day XOR 1 << whatever.
> > >
> > > Pseudo random numbers are so cheap (or they should be) that you
> > > just don't want to try and 'optimize' here. It is much better to
> > > be conservative and use a good PRNG until it *proves* to be very
> > > problematic.
> >
> > Why not just XOR the whole lot into the current ${randomnumber}?
> > That way, at least the effort of the whole calculation is not wasted
> > as much.
Good point, there is no need to throw them away indeed.
> Why to XOR true random bits from arc4random() with non-random bits from
> getpid()? It only weakens. Better way is just remove any getpid() code and
> left arc4random() only.
Then you will get collisions which you will have to deal with. I am not
familiar with the code but if we can handle collisions nicely then that
would be the way to go: 64^6 = 2^36 possibilities which is nice...
Cheers,
Jeroen
--
Jeroen C. van Gelderen o _ _ _
[EMAIL PROTECTED] _o /\_ _ \\o (_)\__/o (_)
_< \_ _>(_) (_)/<_ \_| \ _|/' \/
(_)>(_) (_) (_) (_) (_)' _\o_
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
