On Thu, Jan 21, 2016 at 02:12:06PM +0800, Fam Zheng wrote: > On Wed, 01/20 17:38, Daniel P. Berrange wrote: > > +int qcrypto_random_bytes(uint8_t *buf G_GNUC_UNUSED, > > + size_t buflen G_GNUC_UNUSED, > > + Error **errp) > > +{ > > + error_setg(errp, "No random byte source provided in this build"); > > + return -1; > > Curious, why does a random(3) or /dev/random implementation fall short to > error?
random(3) does not provide crytographically strong random numbers. /dev/random would be suitable, but if we read that directly we would deplete entropy very quickly. The gnutls backends will use /dev/random in combination with a cryptographically secure generator to provide high entropy numbers, at a high data rate. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|