On Thu, Jan 21, 2016 at 02:12:06PM +0800, Fam Zheng wrote:
> On Wed, 01/20 17:38, Daniel P. Berrange wrote:
> > +int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED,
> > + size_t buflen G_GNUC_UNUSED,
> > + Error **errp)
> > +{
> > + error_setg(errp, "No random byte source provided in this build");
> > + return -1;
>
> Curious, why does a random(3) or /dev/random implementation fall short to
> error?
random(3) does not provide crytographically strong random numbers.
/dev/random would be suitable, but if we read that directly we would
deplete entropy very quickly.
The gnutls backends will use /dev/random in combination with a
cryptographically secure generator to provide high entropy
numbers, at a high data rate.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
