|
Please take a look at
https://lore.kernel.org/lkml/CAHk-=wiGg-G8JFJ=R7qf0B+UtqA_Weouk6v+McmfsLJLRq6AKA@xxxxxxxxxxxxxx/ and consider giving your comments. TL;DR: see the comment below. + * Hacky workaround for the fact that some processes + * ask for truly secure random numbers and absolutely want + * to wait for the entropy pool to fill, and others just + * do "getrandom(0)" to get some ad-hoc random numbers. + * + * If you're generating a secure key, you'd better ask for + * more than 128 bits of randomness. Otherwise it's not + * really all that secure by definition. + * + * We should add a GRND_SECURE flag so that people can state + * this "I want secure random numbers" explicitly. |
