[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: use of RDRAND in $random_library

Joey Hess wrote:
> Josh Triplett wrote:
> > However, just as we encourage projects to reuse libraries rather than
> > copying code around, we *should* encourage projects to use standardized
> > randomness libraries rather than hardcoding rdrand (or, for that matter,
> > hardcoding /dev/urandom).
> Performance aside, why is a standardized randomness library (which does
> not currently exist) better than a stanardized kernel interface?

At least two reasons: because a random number source that doesn't
require kernel privileges should not need to take the performance hit of
going through the kernel, and because many userspace applications will
not want to follow the kernel's rejection of hardware random number

Also, while no widely used library exists, at least one library does
exist: libcryptorandom.  Given the straightforward nature of the
algorithm (if hardware random numbers available, use them, otherwise
read from /dev/{,u}random as appropriate), I'd bet other such
implementations exist.  To encourage code reuse and ease of systemwide
changes, I think it makes sense to package such libraries and have
userspace applications use them rather than hardcoding support for any
particular hardware random number source.

- Josh Triplett

Reply to: