tech-userlevel archive


Re: getrandom and getentropy



> nia@ wrote the getentropy patch (probably needs a set list update too,
> and could use an automatic test); I wrote the getrandom patch.
> Feedback welcome!

My arguments for getentropy can be roughly summarized:

- It's just providing access to functionality already exposed to
  userspace, but making it easier to use. No new syscall is needed.
- There's no potentially surprising blocking behaviour, it's
  generally quite dumb and difficult to misuse.
- Since even glibc(!) has it now, it's more likely to be picked
  up by third-party software than the sysctl method.

The man page explicitly states this is only for seeding RNGs,
it's not an arc4random replacement.

If we adopt any of the "new" randomness APIs, I'd prefer it be this one.

>       /*
>        * May block, may return very short reads, like /dev/random;
>        * limited to 512 bytes.  NOT RECOMMENDED -- provided only for
>        * source compatibility with applications written for Linux,
>        * FreeBSD, or Solaris.
>        */
>       nread = getrandom(buf, buflen, GRND_RANDOM);

Interestingly, in FreeBSD GRND_RANDOM is a non-op.
It's the same as passing 0. I think this is preferable behaviour, since
it's less likely to be misused. But the proposed behaviour is probably
ok, since entropy isn't "depleted" by default.
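
[Added example, not part of the original message or of the patches under discussion.] The "seed an RNG and nothing else" use of getentropy argued for above, written out in C. The helper name fill_entropy and the 32-byte seed size are assumptions made for illustration; the 256-byte per-call limit is the one getentropy implementations commonly enforce.

```c
#define _DEFAULT_SOURCE          /* exposes getentropy() in glibc's <unistd.h> */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ENTROPY_CHUNK 256        /* largest request a single getentropy() call accepts */
#define SEED_LEN 32              /* constructed seed size for a userland RNG */

/*
 * Hypothetical helper (not from the patch): fill buf with len bytes from
 * getentropy(), splitting the request into chunks the call accepts.
 * getentropy() is all-or-nothing: it returns 0 with the whole chunk filled,
 * or -1 with errno set, so no short-read loop is needed.
 * Returns 0 on success, -1 on failure with buf zeroed.
 */
int
fill_entropy(void *buf, size_t len)
{
	unsigned char *p = buf;
	size_t off = 0;

	while (off < len) {
		size_t n = len - off;
		if (n > ENTROPY_CHUNK)
			n = ENTROPY_CHUNK;
		if (getentropy(p + off, n) == -1) {
			memset(buf, 0, len);   /* never hand back a partly filled seed */
			return -1;
		}
		off += n;
	}
	return 0;
}

int
main(void)
{
	unsigned char seed[SEED_LEN];

	if (fill_entropy(seed, sizeof seed) == -1) {
		perror("getentropy");
		return 1;                  /* fail closed: no fallback to a weaker seed */
	}
	printf("got %zu seed bytes\n", sizeof seed);
	return 0;
}
```

The seed is meant to key a userland generator once; bulk random data should keep coming from arc4random, as the message says.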

