Re: getrandom vs. crypto/gc-random

From: Bruno Haible
Subject: Re: getrandom vs. crypto/gc-random
Date: Tue, 02 Jun 2020 01:51:07 +0200
User-agent: KMail/5.1.3 (Linux/4.4.0-177-generic; KDE/5.18.0; x86_64; ; )

Hi Paul,

> > No guidance regarding getrandom vs. crypto/gc-random any more?
> The main advantage of getrandom and/or getentropy over crypto/gc-random is the
> simpler API and lower maintenance/runtime overhead. crypto/gc-random is a
> better match if you're already using the other crypto/* APIs. I could add text
> along these lines if this sounds like a good idea.

Yes, that would sound good.

> Come to think of it, crypto/gc-random could be rewritten to use getrandom.

Yes, that sounds reasonable. libgcrypt (the "big brother" of crypto/gc-random)
also already uses getentropy or getrandom.

Simon, what do you think?

> should avoid some issues on
> platforms where /dev/urandom doesn't exist but the getrandom syscall does.

Yes. /dev/urandom exists in all OSes (except native Windows). The syscall was
introduced for the benefit of containers (Linux) or jails (FreeBSD), where
the devices may not be available, and for situations where the file descriptor
table of the process is full. [1]


[1] https://lwn.net/Articles/606141/
