[geeks] whee!!!

Jonathan C. Patschke jp at celestrion.net
Sun Apr 21 12:56:34 CDT 2002


On Sun, 21 Apr 2002, Scott Howard wrote:

> Way too much CPU compared to what?  The author of ANDIrand openly
> claims that it's randomness isn't that good, and I think if you look into
> it you'll find that prngd isn't much better.  Good pseudo-ramdonness needs
> lots of CPU - perhaps Sun's just done it better than the others?

Too much CPU compared to being actually usable on anything less than an
Ultra2.  prngd pulls its randomness from the outputs of netstat, tail
/var/adm/messages, and a few other data sources.  Conceptually it's a good
idea, but I haven't run any sort of formal strength-testing on it.

> Other way around - the Sol8 patch is a backport of whats in Sol9.

I think we're talking about a different patch.  The patch I was talking
about was originally an iPlanet component.

> > are they going to do the right thing and implement a kernel-mode
> 
> Umm.. isn't this what we already have?
> 
> marvin# modinfo | grep -i rand
> 104 1026811f   1d42  56   1  random (random number device v1.1)

Okay, now I -know- we're talking about different patches.  The one I
installed was completely usermode and horribly slow.  It's also been out
for a while--at least a year.

> > /dev/random with hooks for their new crypto boards?
> 
> The /dev/random patch and the crypto cards are definitely related (the
> patch was rushed out _because_ of the crypto cards), although I'm not
> exactly sure in what way they are related.

Excellent.  Those new crypto boards kick a -lot- of ass[1].  I'm impressed
that Sun thought it worthwhile to make them work with OpenSSL, instead of
just iPlanet.

--Jonathan
[1] And I'm not just saying that because my soon-to-be father-in-law was
    on the devel team. :)



More information about the geeks mailing list