On Fri, Aug 3, 2018 at 9:19 AM Janne Blomqvist <blomqvist.ja...@gmail.com> wrote: > > The getentropy function, found on Linux, OpenBSD, and recently also > FreeBSD, can be used to get random bytes to initialize the PRNG. It > is similar to the traditional way of reading from /dev/urandom, but > being a system call rather than a special file, it doesn't suffer from > problems like running out of file descriptors, or failure when running > in a container where /dev/urandom is not available. > > Regtested on x86_64-pc-linux-gnu, Ok for trunk?
Actually, getentropy() is similar to reading from /dev/random, where getrandom() is similar to reading from /dev/urandom. Since the original behavior of getosrandom() is to read from /dev/urandom, I think it is better to use getrandom() for consistent semantics. Furthermore, getentropy() may block to achieve an appropriate degree of randomness, since it is intended for secure use. Of course such block time would hardly be noticeable for a one-time read of a thousand bits or so... but on principle I think we should provide a quick cheesy seed by default, and the user may provide his own seed if he wants expensive secure bits. Just my opinion. I am personally OK with the [second version of the] patch | sed s/getentropy/getrandom/g. Fritz
