* Theodore Ts'o: > But even if you didn't take the latest kernels, I think you will find > that if you actually benchmark how many queries per second a real-life > secure web server or VPN gateway, even the original 5.15.0 /dev/random > driver was plenty fast enough for real world cryptographic use cases. The idea is to that arc4random() is suitable in pretty much all places that have historically used random() (outside of deterministic simulations). Straight calls to getrandom are much, much slower than random(), and it's not even the system call overhead. Thanks, Florian