Hacker News

It should have read just 16 or 32 bytes from /dev/random in order to seed its own CSPRNG (at most once per process invocation, only when first needed)



No! Per-process CSPRNGs are a terrible idea. Fork-safety is hard. Swap-safety is hard.


I guess all programming is kinda hard; it's the nature of expectations of modern computing.

Per-process CSPRNGs are pretty common. Most programs don't fork without exec, no problem for them. Managing a per-process CSPRNG is only hard for libraries that might be used by some programs that fork without exec, and don't want to require the program to do anything right.

No! It's not hard, just don't screw it up. This is true of most things.


Why not just use getrandom() or CryptGenRandom() instead and simplify everything, avoiding all those classes of bugs?

A user space CSPRNG is just a foot-gun waiting to go off.
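An added example, not from any commenter, showing the fork-safety problem the thread argues about, in C on Linux: one per-process generator seeded once from getrandom(), drawn from in parent and child after fork(), with and without a pid check that reseeds. The SplitMix64 core is a stand-in for a real CSPRNG and the function names are mine; only the state handling matters.

```c
// Added example, not from the thread: a per-process generator seeded once from
// getrandom(), and what fork() does to its output stream. Assumes Linux/glibc
// >= 2.25. SplitMix64 stands in for a real CSPRNG; only state handling matters.
#include <stdint.h>
#include <unistd.h>
#include <sys/random.h>
#include <sys/wait.h>

struct prng { uint64_t state; int seeded; pid_t owner; };

static void prng_seed(struct prng *p) {
    // Seed once per process from the kernel, as the top comment suggests.
    if (getrandom(&p->state, sizeof p->state, 0) != (ssize_t)sizeof p->state) _exit(1);
    p->seeded = 1;
    p->owner = getpid();
}

static uint64_t prng_next(struct prng *p, int fork_check) {
    // fork_check: notice that fork() duplicated the state (pid changed) and
    // reseed. Cheap but incomplete: pid reuse can defeat it, so real libraries
    // pair it with pthread_atfork() or MADV_WIPEONFORK on the state page.
    if (!p->seeded || (fork_check && p->owner != getpid())) prng_seed(p);
    uint64_t z = (p->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

// Returns 1 if parent and child drew the same value after fork(), 0 if not.
int fork_duplicates_stream(int fork_check) {
    struct prng p = {0};
    prng_next(&p, fork_check);                  // seed before forking
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                             // child reports its next draw
        uint64_t v = prng_next(&p, fork_check);
        (void)!write(fd[1], &v, sizeof v);
        _exit(0);
    }
    uint64_t mine = prng_next(&p, fork_check), theirs = 0;
    (void)!read(fd[0], &theirs, sizeof theirs);
    waitpid(pid, NULL, 0);
    close(fd[0]); close(fd[1]);
    return mine == theirs;
}
```

Without the check, parent and child emit identical "random" values (the bug the reply warns about); calling getrandom() directly per request, as the last comment suggests, has no such state to duplicate.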



