On Tue, Jun 27, 2017 at 06:55:47PM +0000, Salz, Rich via openssl-dev wrote:
> Getrandom() is a syscall, and I have concerns about the syscall
> performance. I would rather feed getrandom (or /dev/random if
> that’s not available) into a FIPS DRBG generator.
What are your concerns about syscall performance? What are your performance requirements? I can tell you that Chrome has been using /dev/urandom (which has the same performance characteristics as the getrandom system call) directly for all of its random number generation needs (e.g., it's calling it each time it needs to generate a session key for TLS, etc.) and no one has complained.

My recommendation for Linux is to use getrandom(2) with the flags field set to zero. This will cause it to use a CRNG that will be reseeded every five minutes from environmental noise gathered primarily from interrupt timing data. For modern kernels, the CRNG is based on ChaCha20. For older kernels, it is based on SHA-1.

There are a lot of people who have complained about whether or not Linux's urandom generator has met with their religious beliefs about how RNGs should be designed and implemented. One of the things you will find is that many of these people are very vocal, and in some cases, their advice will be mutually exclusive. So if you are going to be trying to design your own RNG for OpenSSL --- welcome to my world.

(In other words, I do listen to many of the people who have opined on this thread. I just don't happen to agree with all of them. And I suspect you will find that in the end, it's impossible to make them all happy, and they will end up questioning your intelligence, judgement, and in some cases, your paternity. :-)

- Ted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
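The recommendation above (getrandom(2) with flags set to zero, with /dev/urandom as the fallback on kernels that predate the syscall), as an added example that is not part of the thread and not OpenSSL's or the kernel's own code. It assumes glibc's getrandom() wrapper from <sys/random.h>, and the function names os_random_fill, urandom_fill and os_random_selfcheck are made up here.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/random.h>
#include <unistd.h>

/* Fallback for kernels without getrandom(2); /dev/urandom performs the same. */
static int urandom_fill(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    for (size_t got = 0; got < len;) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;                  /* signal arrived: retry the read */
        if (n <= 0) {                  /* error, or EOF which must not happen */
            close(fd);
            return -1;
        }
        got += (size_t)n;              /* short reads are legal, keep going */
    }
    close(fd);
    return 0;
}
/* Fill buf from the kernel CRNG; flags == 0 blocks only until early-boot init. */
int os_random_fill(unsigned char *buf, size_t len)
{
    for (size_t got = 0; got < len;) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0 && errno == EINTR)
            continue;                  /* interrupted while waiting for init */
        if (n < 0 && errno == ENOSYS)  /* kernel without the syscall */
            return urandom_fill(buf + got, len - got);
        if (n < 0)
            return -1;
        got += (size_t)n;              /* requests > 256 bytes may be short */
    }
    return 0;
}
/* Self-check: two independent 32-byte keys must be produced and must differ. */
int os_random_selfcheck(void)
{
    unsigned char a[32], b[32];
    if (os_random_fill(a, sizeof a) != 0 || os_random_fill(b, sizeof b) != 0)
        return -1;
    return memcmp(a, b, sizeof b) == 0 ? -1 : 0;
}
```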