> On Aug 3, 2018, at 9:19 AM, Janne Blomqvist <blomqvist.ja...@gmail.com> wrote:
> 
> The getentropy function, found on Linux, OpenBSD, and recently also
> FreeBSD, can be used to get random bytes to initialize the PRNG.  It
> is similar to the traditional way of reading from /dev/urandom, but
> being a system call rather than a special file, it doesn't suffer from
> problems like running out of file descriptors, or failure when running
> in a container where /dev/urandom is not available.

I don't understand why this is useful.  

getrandom, and /dev/random, are for strong (secure) RNGs.  A PRNG is something 
entirely different.  By saying we use entropy to seed it, we blur the 
distinction and create the false impression that the PRNG has security 
properties.

It would be better to initialize with something more obviously insecure, like 
gettimeofday().

        paul
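For readers who want to see the two positions in the thread side by side, here is an added C example (not code from either message or from libgfortran): it fills a PRNG seed from getentropy() in 256-byte chunks, falls back to the gettimeofday() seed proposed in the reply when the call fails, and feeds the result to a stand-in non-cryptographic generator (splitmix64, an assumption for illustration). It assumes a libc that declares getentropy() in <unistd.h> (glibc 2.25+, OpenBSD, FreeBSD 12+).

```c
#define _DEFAULT_SOURCE 1
#include <stddef.h>
#include <stdint.h>
#include <sys/time.h>
#include <unistd.h>

/* getentropy() refuses requests longer than 256 bytes, so fill larger buffers
 * in chunks.  Returns 0 on success, -1 with errno set (e.g. ENOSYS) otherwise. */
int fill_entropy(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        size_t n = len > 256 ? 256 : len;
        if (getentropy(p, n) != 0)
            return -1;
        p += n;
        len -= n;
    }
    return 0;
}

/* Seed the state words of a plain PRNG.  Prefers the OS entropy call from the
 * quoted message; if it is unavailable, uses the deliberately weak time-of-day
 * seed from the reply.  *used_entropy reports which path was taken. */
int seed_prng(uint64_t *state, size_t words, int *used_entropy)
{
    if (fill_entropy(state, words * sizeof *state) == 0) {
        *used_entropy = 1;
        return 0;
    }
    struct timeval tv;
    if (gettimeofday(&tv, NULL) != 0) return -1;
    uint64_t t = (uint64_t)tv.tv_sec * 1000000ULL + (uint64_t)tv.tv_usec;
    for (size_t i = 0; i < words; i++)
        state[i] = t ^ ((uint64_t)i << 32) ^ (uint64_t)getpid();
    *used_entropy = 0;
    return 0;
}

/* splitmix64 step (assumed stand-in for the library's generator): fine for
 * simulations, not a secret-keeping generator however it was seeded. */
uint64_t prng_next(uint64_t *s)
{
    uint64_t z = (*s += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}
```

The seed source decides only whether two runs are reproducible, not whether the output stream is predictable to someone who sees part of it; that property belongs to the generator, not the seed.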

