Techly NewsGet the app

Get the latest tech news

Getentropy() vs. RAND_bytes()


couple of notable things have happened in recent months: - There is a new edition of POSIX for 2024. There’s lots of good stuff in it, but today I am writing about getentropy() which is the first officially standardized POSIX API for getting cryptographically secure random numbers.

A notable feature of getentropy() is that it will not produce an arbitrarily large number of bytes: it can provide just enough to securely key a userland CSPRNG. While writing this blog post, I discussed this fork() issue with Rich Salz (who re-wrote OpenSSL’s RAND to use a NIST FIPS DRBG algorithm). Unlike a stateful userland CSPRNG, if you call getentropy() directly, you don’t have to worry about repeated output due to fork() or VM clones.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of RAND_bytes

RAND_bytes

Photo of Getentropy

Getentropy

« Today in History: October 5, Steve Jobs dies at 56
U.S. Wiretap Systems Targeted in China-Linked Hack »