>> I'm reluctant to duplicate text in two places. I think that that
>> duplication is part of the reason why we have the current mess.
>
> So, maybe all this discussion about which interface to choose, expected
> usage, etc. should go to a random.7 man page? This would be the logical
> location to detail the differences about the three interfaces. What do
> you think?

To follow up on this, what do you think of the following patch? I do not propose it for inclusion as is but more as a kind of RFC. Would it be useful to have this kind of table to sum up in one place the differences between getrandom(), /dev/random and /dev/urandom?

Note that this is my first attempt to make tables in man pages so I have no idea if I did things right or not.

Cheers,
Laurent

--- man2/getrandom.2 | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/man2/getrandom.2 b/man2/getrandom.2 index 32c55bd..b337415 100644 --- a/man2/getrandom.2 +++ b/man2/getrandom.2
@@ -313,6 +313,81 @@ And indeed, such usage is unnecessary (and will be slow): instead, use these interfaces to provide a small amount of data used to seed a user-space pseudo-random number generator for use by such applications. + +.\" +.SS Comparison between getrandom, /dev/urandom and /dev/random + +.TS +allbox; +lb lb lb lb. +Interface Pool Blocking behavior Behavior in early boot time +T{ +.I /dev/random +T} Blocking pool T{ +Blocks when the entropy estimate is too low until there is enough entropy again +T} T{ +Blocks until enough entropy is gathered +T} +T{ +.I /dev/urandom +T} T{ +Cryptographically-secure Random Number Generator (CRNG) output +T} T{ +Does not block once the CRNG is ready +T} T{ +Returns output from uninitialized CRNG (possibly low entropy and not suitable for cryptography) +T} +T{ +.BR getrandom () +T} T{ +Same as +.I /dev/urandom +T} T{ +Does not block once the pool is ready +T} T{ +Blocks until the pool is ready +T} +T{ +.BR getrandom () +with +.B GRND_RANDOM +T} T{ +Same as +.I /dev/random +T} T{ +Blocks when the entropy estimate is too low until there is enough entropy again +T} T{ +Blocks until the pool is ready +T} +T{ +.BR getrandom () +with +.B GRND_NONBLOCK +T} T{ +Same as +.I /dev/urandom +T} T{ +Does not block +T} T{ +Returns -EAGAIN if the pool is not ready +T} +T{ +.BR getrandom () +with +.B GRND_RANDOM +and +.B GRND_NONBLOCK +T} T{ +Same as +.I /dev/random +T} T{ +Returns -EAGAIN if not enough entropy is available +T} T{ +Returns -EAGAIN if the pool is not ready +T} +.TE + + .\" .SS Generating cryptographic keys The amount of seed material required to generate a cryptographic key -- 2.10.1
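Review bot: In the two GRND_NONBLOCK rows, "Returns -EAGAIN" describes the kernel-internal return value; from user space getrandom() returns -1 with errno set to EAGAIN, so those three cells would read better as "Fails with EAGAIN if ...". The getrandom() rows also say "pool is ready" where the /dev/urandom row says "CRNG is ready", although their Pool column reads "Same as /dev/urandom"; using one term throughout avoids suggesting two different readiness conditions, which matters here because the early-boot column is the one place the table tells readers that /dev/urandom can return output unsuitable for cryptography while getrandom() blocks instead. On the table markup, the single format line "lb lb lb lb." applies to every data row, so all cells come out bold; adding a second format line "l l l l." (and moving the terminating dot to it) keeps bold to the header row only.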