From: Andy Lutomirski Subject: Re: [PATCH, RFC] random: introduce getrandom(2) system call Date: Thu, 17 Jul 2014 14:37:34 -0700 Message-ID: References: <201407171848.s6HImBb4027900@glazunov.sibelius.xs4all.nl> <53C83383.4040507@amacapital.net> <20140717212806.GV1491@thunk.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 To: "Theodore Ts'o" , Andy Lutomirski , Mark Kettenis , "linux-kernel@vger.kernel.org" , linux-crypto@vger.kernel.org, beck@openbsd.org Return-path: Received: from mail-la0-f46.google.com ([209.85.215.46]:43722 "EHLO mail-la0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752334AbaGQVh4 (ORCPT ); Thu, 17 Jul 2014 17:37:56 -0400 Received: by mail-la0-f46.google.com with SMTP id b8so2195573lan.5 for ; Thu, 17 Jul 2014 14:37:54 -0700 (PDT) In-Reply-To: <20140717212806.GV1491@thunk.org> Sender: linux-crypto-owner@vger.kernel.org List-ID: On Thu, Jul 17, 2014 at 2:28 PM, Theodore Ts'o wrote: > On Thu, Jul 17, 2014 at 01:35:15PM -0700, Andy Lutomirski wrote: >> >> Can we please have a mode in which getrandom(2) can neither block nor >> fail? If that gets added, then this can replace things like AT_RANDOM. > > AT_RANDOM has been around for a long time; it's not something we can > remove. I'm not suggesting removing AT_RANDOM. To the contrary, I'm suggesting that libraries that need to seed some kind of non-cryptographic, non-security-related RNG could use getrandom(2) with appropriate flags rather than screwing around with getpid, clock_gettime, etc. For example: unsigned int seed; getrandom(&seed, sizeof(seed), GRND_BEST_EFFORT); /* Never fails on new enough kernels */ srand(seed); No error checking, no weird cases, and if the RNG isn't well seeded, then I tried my best. --Andy