On Sun, Jul 21, 2019 at 02:41:57PM +0000, [email protected] wrote:
> hi,
>
> since netbsd won't stop using broken setups like xen (which don't
> provide randomness) to build packages, why don't we give up on
> /dev/random entirely?

Replacing the /dev/random device node by a symlink to /dev/urandom sounds fine. For binaries it is easy to just use the sysctl instead to get high quality randomness. Are there any shell-script-like applications that seriously would require something better than /dev/urandom?

The other issue is the urban rumour that you may want to pull a real random byte out of /dev/random before using /dev/urandom - maybe we should have an "aggregate" sysctl doing just that (so applications can get a single byte real entropy + as many /dev/urandom ones as they like in a single call)?

Martin
