From e35b540832825437827addeb7ecd04c3e14d81bb Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Mon, 10 Jun 2013 10:33:56 -0400
Subject: [PATCH 1/2] When we seed from /proc/sys/kernel/random/uuid, count it as success

Found by Joseph Spadavecchia
---
 arc4random.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arc4random.c b/arc4random.c
index cabc46f4b..33ddc2c7e 100644
--- a/arc4random.c
+++ b/arc4random.c
@@ -286,6 +286,7 @@ arc4_seed_proc_sys_kernel_random_uuid(void)
 	}
 	memset(entropy, 0, sizeof(entropy));
 	memset(buf, 0, sizeof(buf));
+	arc4_seeded_ok = 1;
 	return 0;
 }
 #endif
@@ -387,6 +388,7 @@ arc4_stir(void)
 	 */
 	for (i = 0; i < 12*256; i++)
 		(void)arc4_getbyte();
+	arc4_count = BYTES_BEFORE_RESEED;
 	return 0;

From 6e4969614723a46061d6a98162480de209fd03a0 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Mon, 10 Jun 2013 10:38:12 -0400
Subject: [PATCH 2/2] Document that arc4random is not a great cryptographic PRNG.

---
 include/event2/util.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/include/event2/util.h b/include/event2/util.h
index 4b7e8b45f..52d58ddc7 100644
--- a/include/event2/util.h
+++ b/include/event2/util.h
@@ -648,9 +648,12 @@ const char *evutil_gai_strerror(int err);
 /** Generate n bytes of secure pseudorandom data, and store them in buf.
  *
- * By default, Libevent uses an ARC4-based random number generator, seeded
- using the platform's entropy source (/dev/urandom on Unix-like systems;
- CryptGenRandom on Windows).
+ * Current versions of Libevent use an ARC4-based random number generator,
+ seeded using the platform's entropy source (/dev/urandom on Unix-like
+ systems; CryptGenRandom on Windows). This is not actually as secure as it
+ should be: ARC4 is a pretty lousy cipher, and the current implementation
+ provides only rudimentary prediction- and backtracking-resistance. Don't
+ use this for serious cryptographic applications.
  */
 void evutil_secure_rng_get_bytes(void *buf, size_t n);
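Review bot: The two memset() calls directly above the new `arc4_seeded_ok = 1;` scrub local arrays that are never read again before `return 0;`, so an optimizing compiler is free to treat them as dead stores and the seed material can remain on the stack after the function returns. If the project already has a scrub helper that defeats this (a volatile-qualified memset wrapper, or explicit_bzero where the platform provides it), this success path should call it instead; failing that, a one-line comment such as `/* NOTE: a plain memset of a dead local may be optimized away */` at least records the limitation for the next reader. Setting the success flag only on this path, after the buffers are scrubbed, looks correct. The beginning of arc4_seed_proc_sys_kernel_random_uuid is outside the hunk.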
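Review bot: Nothing explains why the new `arc4_count = BYTES_BEFORE_RESEED;` belongs at the end of arc4_stir rather than in its caller, and the reseed countdown is the kind of state a later reader will want justified; a short comment such as `/* Fresh key material is in place: restart the reseed countdown. */` on the line above would make the intent clear. Placing it after the discard loop, so that the dropped bytes are not charged against the new countdown, appears to be the right order. The `12*256` bound on that loop is a pre-existing magic number that a named constant would document better. The end of arc4_stir is outside the hunk.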
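Review bot: The summary line of the comment still promises "secure pseudorandom data" while the new paragraph tells callers not to rely on it for serious cryptographic applications, so the header and body now contradict each other; I would soften the summary, e.g. `/** Generate n bytes of pseudorandom data intended to be hard to predict, and store them in buf.`, and have the new paragraph say what a caller with real cryptographic requirements should do instead (read the platform entropy source directly, or use the RNG of their cryptographic library). The continuation lines of both the removed and added text appear in this rendering without their leading ` *`; presumably the committed text has them, but it is worth confirming the comment still parses cleanly as a doc block.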