tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: getrandom and getentropy

On Sun, May 10, 2020 at 02:24:00PM +0300, Andreas Gustafsson wrote:
> The getentropy() man pages on OpenBSD, FreeBSD, and Linux all say it
> returns "high-quality" entropy, and do not caution against using it
> for security critical purposes such as key generation, so presumably
> applications do in fact use if for such purposes.  Given that,
> implementing it as getrandom(..., GRND_INSECURE) seems like a bad
> idea.

We don't warn people about unavailable of during very early
boot and a number of other issues either. If your application is running
during system initialisation, you are supposed to be somewhat aware of
the limitations in that case.


Home | Main Index | Thread Index | Old Index