Thanks,arc4random looks pretty reasonable. I have heard that timings in
interrupts are widely used and, for example, a current processor voltage can be
used. But maybe the latter was only for embedded systems, I am not sure.
I can see that chacha20 implememntation is taked from openBSD. Should all parts
of crypto kit be taken from there?
09.03.2019, 11:43, Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>On Sat, Mar 09,
2019 at 11:35:09AM +0300, Lee Mon wrote:
> Hello, I found out that for random string generation rand() is used in the
>
rand_str():https://review.haiku-os.org/c/haiku/+/438/3/src/kits/crypto/Crypto.cpp
> Should we use something more random than default rand()? Or is it good
enough?
Hi,
There is a work in progress implementation of arc4random here:
https://review.haiku-os.org/c/haiku/+/32
However, it needs getentropy (there is no good random generator without
entropy sources). An initial implementation is in the previous patch
(31, linked from the above), but it does not actually collect any
entropy yet.
You can read more about the design and internals of arc4random here:
http://www.openbsd.org/papers/hackfest2014-arc4random/mgp00001.html
--
Adrien.
