[gnutls-devel] lock-free random generator

Niels Möller nisse at lysator.liu.se
Tue Feb 28 07:57:29 CET 2017

Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> writes:

> And to answer myself, I do not think we need something as complex as
> yarrow in gnutls. Older systems may have needed it, but today we can
> rely on /dev/urandom and getentropy() interfaces, and as such I no
> longer think it is necessary to bring that complexity to gnutls.

Makes sense to me too. But do you plan any fallback for other systems? I
guess one could require the use of some separate randomness gathering

What about MacOS and Microsoft Windows, do they have something
comparable to /dev/random these days?

Then I'd expect that there are quite some systems out there, where
getting adequate randomness isn't easy. Like small embedded systems, and
it's also unclear to me how /dev/random works on virtual machines. But
just using a mixer like yarrow or fortuna isn't enough, since the tricky
problem is the sourcing of the mixer.


Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
