top | item 44612473

(no title)

zx2c4 | 7 months ago

On Linux, there's no need to use this. Modern Linux kernels implement getrandom() in the vDSO, which does similar buffering, and keeps those buffers safe in the event of forks or VM forks and kernel reseed events.

The readme says:

> Maintains all cryptographic security guarantees of crypto/rand

I'm not sure that's correct. If you're running this in a VM that forks, this new package will give out the same random bytes to both VMs, which could be catastrophic. If you're using normal crypto/rand, Linux has got you covered, and the VM forks get reseeded.

discuss

No comments yet.