Re: CONFIG_RANDOM (compromise?)

Theodore Y. Ts'o (
Thu, 16 May 1996 11:48:20 -0400

From: Albert Cahalan <>
Date: Wed, 15 May 1996 20:16:00 -0400 (EDT)

Add an option called CONFIG_WEAK_RANDOM. When set, most of the
calls to add randomness become NOPs and the pool becomes much
smaller, perhaps only 256 bytes. A pseudo-random number generator
is used, but we give it a kick every now and then with random data.
Output from it gets hashed with existing code, such as the network
or decompression CRC checks. Since most of the add randomness calls
will be disabled, let the remaining ones add twice as many bits.

No, no, no, no, no.....

It seems that most of the people who are flaming on this topic have no
idea how weak a pseudo-random number generator really is. Only a few
values is all you generally need before you can completely predict the
output of such a best.

Getting good random numbers is *hard*. If you're not really paranoid,
you're probably doing it wrong, and someone who is clever can walk all
over you. This has been proven again and again, with Netscape getting
humiliated on the front page of the Wall Street Journal.

- Ted