Taylor Blau <me@xxxxxxxxxxxx> writes: >> I actually wonder if we should simply die() in such a case. That's not >> very friendly from a libification stand-point, but we really can't >> progress on much without being able to generate random bytes. > > Alternatively, we could fall back to the existing code paths. This is > somewhat connected to my suggestion to Randall earlier in the thread. > But I would rather see that fallback done at compile-time for platforms > that don't give us an easy-to-use CSPRNG, and avoid masking legitimate > errors caused from trying to use a CSPRNG that should exist. Yeah, I do not think we are doing this because the current code is completely broken and everybody needs to move to CSPRNG that makes it absoletely safe---rather this is still just making it safer than the current code, when system support is available. So a fallback to the current code would be a good (and easy) thing to have, I would think. Thanks.
