Re: Support getrandom() for pg_strong_random() source
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Masahiko Sawada <sawada.mshk@gmail.com>
Cc: Peter Eisentraut <peter@eisentraut.org>, Michael Paquier <michael@paquier.xyz>, Daniel Gustafsson <daniel@yesql.se>, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-08-18T15:38:25Z
Lists: pgsql-hackers
On Thu, Aug 14, 2025 at 3:16 PM Masahiko Sawada <sawada.mshk@gmail.com> wrote: > > On Fri, Aug 8, 2025 at 3:37 PM Jacob Champion > <jacob.champion@enterprisedb.com> wrote: > > > So, my next question: is getrandom() always preferable to /dev/urandom? > > I believe so. While /dev/urandom source should be kept as a fallback > for older kernels, we should use getrandom() if available. For > example, getrandom() can be used even in the face of file-descriptor > exhaustion and lack of access to the random devices[1]. Also, it would > be much faster than reading /dev/urandom as I shared the benchmark > result[2]. Yeah. My personal reasons to be excited about it are 1) the newer, more sensible one-shot blocking behavior for safety, and 2) the ability for the OS to figure out when a virtualized environment has potentially "forked" So I think I would be in favor of adding this as an always-preferred alternative to /dev/urandom, to begin. Thinking a bit further ahead: what are some criteria we would need to research to decide whether getrandom() would be preferable to OpenSSL? Gathering a couple of considerations from upthread: - FIPS behavior - Speed vs. size of a "typical" request - Version-specific behavior of OpenSSL and/or the OS - Need for safety in virtualized environments - ...? Thanks, --Jacob