[PATCH 1/1] tools: use cryptographically safe RNG
Rasmus Villemoes
ravi at prevas.dk
Fri Nov 15 11:41:25 CET 2024
On Fri, Nov 15 2024, Heinrich Schuchardt <heinrich.schuchardt at canonical.com> wrote:
>> >
>> > Linking against libbsd might be an alternative on older systems.
>>
>> Or use getrandom(), which according to the man page has been exposed via
>> glibc since glibc 2.25. Or just read from /dev/urandom which should work
>> everywhere.
>>
>> Rasmus
>>
>
>
> /dev/urandom is not available in containers.
What container runtime doesn't provide such basic nodes to containers?
Is /dev/null also not available in those containers? Strange.
And how, in that case, would the C library (or libbsd, or whatever
implements arc4random) then actually obtain random bytes to hand out or
seed its internal state? Using arc4random() or rand48() or xkcd221()
doesn't fix lack of access to proper random numbers, it may just hide
the problem and silence some static checker that knows "random() is
bad!", but doesn't know that arc4random() might be just as bad if used
in a crippled environment.
Rasmus
More information about the U-Boot
mailing list