[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: getrandom vs. crypto/gc-random
|
From: |
Bruno Haible |
|
Subject: |
Re: getrandom vs. crypto/gc-random |
|
Date: |
Tue, 02 Jun 2020 01:51:07 +0200 |
|
User-agent: |
KMail/5.1.3 (Linux/4.4.0-177-generic; KDE/5.18.0; x86_64; ; ) |
Hi Paul,
> > No guidance regarding getrandom vs. crypto/gc-random any more?
>
> The main advantage of getrandom and/or getentropy over crypto/gc-random is the
> simpler API and lower maintenance/runtime overhead. crypto/gc-random is a
> better
> match if you're already using the other crypto/* APIs. I could add text along
> these lines if this sounds like a good idea.
Yes, that would sound good.
> Come to think of it, crypto/gc-random could be rewritten to use getrandom.
Yes, that sounds reasonable. libgcrypt (the "big brother" of crypto/gc-random)
also already uses getentropy or getrandom.
Simon, what do you think?
> should avoid some issues on
> platforms where /dev/urandom doesn't exist but the getrandom syscall does.
Yes. /dev/urandom exists in all OSes (except native Windows). The syscall was
introduced for the benefit of containers (Linux) or jails (FreeBSD), where
the devices may not be available, and for situations where the file descriptor
table of the process is full. [1]
Bruno
[1] https://lwn.net/Articles/606141/