Change Details

See summary of the Linux change https://lwn.net/ml/linux-kernel/cover.1577088521.git.luto@kernel.org/ : > It adds getentropy(..., GRND_INSECURE). This causes getentropy to > always return *something*. There is no guarantee whatsoever that > the result will be cryptographically random or even unique, but the > kernel will give the best quality random output it can. The name is > a big hint: the resulting output is INSECURE. > > The purpose of this is to allow programs that genuinely want > best-effort entropy to get it without resorting to /dev/urandom. > Plenty of programs do this because they need to do *something* > during boot and they can't afford to wait. Calling it "INSECURE" is > probably the best we can do to discourage using this API for things > that need security. GRND_INSECURE patch: https://lwn.net/ml/linux-kernel/d5473b56cf1fa900ca4bd2b3fc1e5b8874399919.1577088521.git.luto@kernel.org/ , GRND_INSECURE accepted by tytso: https://lwn.net/ml/linux-kernel/20200107204400.GH3619@mit.edu/

See summary of the Linux change https://lwn.net/ml/linux-kernel/cover.1577088521.git.luto@kernel.org/ : > It adds getentropy(..., GRND_INSECURE). This causes getentropy to always return *something*. There is no guarantee whatsoever that the result will be cryptographically random or even unique, but the kernel will give the best quality random output it can. The name is a big hint: the resulting output is INSECURE. > The purpose of this is to allow programs that genuinely want best-effort entropy to get it without resorting to /dev/urandom. Plenty of programs do this because they need to do *something* during boot and they can't afford to wait. Calling it "INSECURE" is probably the best we can do to discourage using this API for things that need security. GRND_INSECURE patch: https://lwn.net/ml/linux-kernel/d5473b56cf1fa900ca4bd2b3fc1e5b8874399919.1577088521.git.luto@kernel.org/ , GRND_INSECURE accepted by tytso: https://lwn.net/ml/linux-kernel/20200107204400.GH3619@mit.edu/

See summary of the Linux change https://lwn.net/ml/linux-kernel/cover.1577088521.git.luto@kernel.org/ : > It adds getentropy(..., GRND_INSECURE). This causes getentropy to > always return *something*. There is no guarantee whatsoever that > the result will be cryptographically random or even unique, but the > kernel will give the best quality random output it can. The name is > a big hint: the resulting output is INSECURE. > > The purpose of this is to allow programs that genuinely want > best-effort entropy to get it without resorting to /dev/urandom. > Plenty of programs do this because they need to do *something* > during boot and they can't afford to wait. Calling it "INSECURE" is > probably the best we can do to discourage using this API for things > that need security. GRND_INSECURE patch: https://lwn.net/ml/linux-kernel/d5473b56cf1fa900ca4bd2b3fc1e5b8874399919.1577088521.git.luto@kernel.org/ , GRND_INSECURE accepted by tytso: https://lwn.net/ml/linux-kernel/20200107204400.GH3619@mit.edu/