On Mon, Aug 13, 2018 at 5:36 PM, Fritz Reese <fritzore...@gmail.com> wrote:
> On Fri, Aug 3, 2018 at 9:19 AM Janne Blomqvist > <blomqvist.ja...@gmail.com> wrote: > > > > The getentropy function, found on Linux, OpenBSD, and recently also > > FreeBSD, can be used to get random bytes to initialize the PRNG. It > > is similar to the traditional way of reading from /dev/urandom, but > > being a system call rather than a special file, it doesn't suffer from > > problems like running out of file descriptors, or failure when running > > in a container where /dev/urandom is not available. > > > > Regtested on x86_64-pc-linux-gnu, Ok for trunk? > > Actually, getentropy() is similar to reading from /dev/random, where > getrandom() is similar to reading from /dev/urandom. No, getentropy is similar to getrandom with the flags argument == 0. Which is similar to reading /dev/urandom, except that just after boot if enough entropy hasn't yet been gathered, it may block instead of returning some not-quite-random data. But once it has been initialized, it will never block again. I agree that reading from /dev/random is overkill, but this patch isn't doing the equivalent of that. > Since the > original behavior of getosrandom() is to read from /dev/urandom, I > think it is better to use getrandom() for consistent semantics. > > Furthermore, getentropy() may block to achieve an appropriate degree > of randomness, since it is intended for secure use. The only time this might happen is just after boot, after that the entropy never drains (in contrast to /dev/random). So unless you're planning to write an init daemon in Fortran, this shouldn't matter. -- Janne Blomqvist
