> > Getrandom() is a syscall, and I have concerns about the syscall
> > performance.  I would rather feed getrandom (or /dev/random if that’s
> > not available) into a FIPS DRBG generator.
> 
> What are your concerns about syscall performance?  What are your
> performance requirements?  I can tell you that Chrome has been using
> /dev/urandom 

Well, Chrome ultimately works at human-scale.  On the server side, thousands of 
connections per second and one or two syscalls per connection seems like 
something we should avoid.

> My recommendation for Linux is to use getrandom(2) with the flags field set to
> zero. 

And for older Linux?

> So if you are going to be trying to design your own RNG
> for OpenSSL --- welcome to my world.

We seem to have moved away from that somewhat.  That's a better place to be.

> find that in the end, it's impossible to make them all happy, and they will
> end up questioning your intelligence, judgement, and in some cases, your
> paternity.  :-)

I miss Usenet. :)


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
