On Thu, May 5, 2016 at 2:40 AM, shawn wilson <[email protected]> wrote:
> I wonder what the gain is for putting RNGs in the kernel.
>

A naive userspace RNG will duplicate its internal state when you fork, which can be catastrophic in a cryptographic context. That's a problem that can be fixed by configuring a proper pthread_atfork() (or thereabouts) callback to reseed a userspace RNG when a process forks, but illustrative of the sorts of sharp edges that can occur with userspace RNGs.

If performance is important, properly implemented userspace RNGs can be helpful, but they're easy to screw up.

-- 
Tony Arcieri
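The fork hazard and the pthread_atfork() fix described in the reply above, as an added demonstration that is not part of the original thread. The generator is a constructed SplitMix64 stand-in (not a cryptographic RNG; any generator whose state lives in process memory behaves the same way under fork()), and reseeding reads /dev/urandom rather than calling getrandom(2) only so the program also builds on non-Linux systems. `fork_outputs_match()` forks, draws one value in parent and child, and reports whether the two drew the same value: with no handler they always do, with the child-side atfork handler enabled they do not.

```c
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed toy userspace RNG: SplitMix64 over one 64-bit word of state.
 * Not cryptographic; it stands in for any userspace generator whose state
 * is ordinary process memory and is therefore copied verbatim by fork(). */
static uint64_t rng_state;
static int reseed_on_fork;   /* when set, the atfork child handler reseeds */

static uint64_t rng_next(void) {
    uint64_t z = (rng_state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Pull fresh state from the kernel. Only open/read/close are used so this is
 * safe to call from an atfork child handler; on Linux getrandom(2) does the
 * same job without a file descriptor. */
static int rng_seed_from_kernel(void) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, &rng_state, sizeof rng_state);
    close(fd);
    return n == (ssize_t)sizeof rng_state ? 0 : -1;
}

/* Runs in the child immediately after fork() returns there. */
static void atfork_child(void) {
    if (reseed_on_fork) rng_seed_from_kernel();
}

/* pthread_atfork handlers cannot be unregistered, so register once and let
 * the reseed_on_fork flag decide whether the handler does anything. */
static void register_handler_once(void) {
    static int registered;
    if (!registered) {
        pthread_atfork(NULL, NULL, atfork_child);
        registered = 1;
    }
}

/* Fork, draw one value in parent and child, return 1 if they match, 0 if not,
 * -1 on a system-call failure. */
int fork_outputs_match(int reseed) {
    int fds[2];
    uint64_t child_val, parent_val;

    register_handler_once();
    reseed_on_fork = reseed;
    if (rng_seed_from_kernel() != 0 || pipe(fds) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: its rng_state is a copy of the parent's unless reseeded. */
        child_val = rng_next();
        if (write(fds[1], &child_val, sizeof child_val) < 0) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    if (read(fds[0], &child_val, sizeof child_val) != (ssize_t)sizeof child_val) {
        close(fds[0]);
        return -1;
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);

    parent_val = rng_next();
    return child_val == parent_val;
}

int main(void) {
    printf("naive RNG, parent and child drew the same value: %d\n", fork_outputs_match(0));
    printf("with atfork reseed, parent and child drew the same value: %d\n", fork_outputs_match(1));
    return 0;
}
```

The handler only covers fork(); a generator that is also shared between threads, or whose output was buffered ahead of the fork, needs the same reseed-and-discard treatment at those points too, which is the "sharp edges" point the reply makes.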
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
