ossf / secure-sw-dev-fundamentals

Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)
Creative Commons Attribution 4.0 International

Linux random number generator updates #158

Open nmav opened 3 months ago

nmav commented 3 months ago

This includes the POSIX interface getentropy, which is simpler to use than getrandom, and in practice it has been available for as long as getrandom has been available in glibc, in addition to being part of OpenBSD before that. https://pubs.opengroup.org/onlinepubs/9799919799/

This patch set also removes the long discussion about /dev/random and /dev/urandom which I loved, but today these interfaces function similarly. https://github.com/torvalds/linux/commit/30c08efec8884fb106b8e57094baa51bb4c44e32
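To illustrate the comparison made in the comment above, here is an added example (not part of the pull request or the course text) that fills a buffer with each interface. It assumes Linux with glibc; `fill_getrandom`, `fill_getentropy` and `make_keys` are hypothetical helper names.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/random.h>  /* glibc declares getrandom() and getentropy() here */

/* getrandom(): can return fewer bytes than requested or fail with EINTR,
 * so the caller has to loop. Returns 0 on success, -1 on error. */
static int fill_getrandom(unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;            /* interrupted by a signal: retry */
            return -1;               /* any other error is fatal here */
        }
        done += (size_t)n;           /* short read: ask for the rest */
    }
    return 0;
}

/* getentropy(): no flags and no short reads, the call either fills the
 * whole buffer or fails. The one limit is 256 bytes per call, so larger
 * buffers are filled in chunks. Returns 0 on success, -1 on error. */
static int fill_getentropy(unsigned char *buf, size_t len)
{
    while (len > 0) {
        size_t chunk = len > 256 ? 256 : len;
        if (getentropy(buf, chunk) != 0)
            return -1;
        buf += chunk;
        len -= chunk;
    }
    return 0;
}

/* Typical use: a 32-byte key. With getentropy() this is a single call
 * and a single check; never continue with the buffer if it fails. */
int make_keys(unsigned char k1[32], unsigned char k2[32])
{
    if (fill_getrandom(k1, sizeof(unsigned char) * 32) != 0)
        return -1;
    if (getentropy(k2, 32) != 0)
        return -1;
    return 0;
}
```

For key-sized requests the chunking in `fill_getentropy` is never needed, which is where the simpler interface pays off.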

nmav commented 1 week ago

Any update on the merging status of this? The intent of the proposal is to get this section to apply to modern kernels and reduce the semantic complexity discussed. I find the value of giving a simple story of the current semantics of the devices significant, as a newcomer to Linux will not have to increase their limited mental load with details that are only of historical interest. The only "change" is the mentioning of getentropy because, and correct me if I'm wrong, it serves the same simplification.