Re: Support getrandom() for pg_strong_random() source
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: Masahiko Sawada <sawada.mshk@gmail.com>, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>, Michael Paquier <michael@paquier.xyz>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-07-28T15:29:29Z
Lists: pgsql-hackers
On Mon, Jul 28, 2025 at 4:36 AM Daniel Gustafsson <daniel@yesql.se> wrote: > There has in the past been discussions (at least off-list in hallway tracks) > about allowing randomness to be chosen separately from underlying factors such > as OpenSSL support, at the time it didn't seem worth the trouble but that may > well have changed. Yeah, especially if other options with similar strength could be much faster. But the comparison is really going to be OS-dependent [1, 2]. > With OpenSSL 1.1.1 being the baseline we can also make use of the _priv_bytes > functions to get increased isolation. Hmm, that's an interesting idea too. To move this forward a tiny bit: I would be okay with maintaining a new getentropy() case. (I'm less excited about getrandom() because of its reduced reach.) And maybe down the line we should discuss choosing an option at configure time? --Jacob [1] https://lwn.net/Articles/983186/ [2] https://dotat.at/@/2024-10-01-getentropy.html