[Announce] Libgcrypt 1.8.4 released

Werner Koch wk at gnupg.org
Tue Oct 30 15:33:03 CET 2018

On Mon, 29 Oct 2018 18:22, dkg at fifthhorseman.net said:

> This characterization is unfortunate, since the getrandom() default
> behavior is *not* the /dev/urandom behavior.  In particular, the

I used to explain that getrandom uses the urandom pool and not the
random pool.  They are separate and have different properties.  See
Stephan Müller's paper he wrote for the BSI.

> getrandom() default behavior blocks until the kernel's internal pool has
> been fully initialized, while /dev/urandom never blocks.  This is one of

That is detail and could even be viewed as a bug fix for the
open("/dev/urandom") behaviour.  Which in the early days of Linux was
also different.

> think that the change will cause them to possibly use an uninitialized
> PRNG like /dev/urandom, because that is not the case with the change

Those who are using Libgcrypt in the early boot phase should be aware of
the problem with modern Linux kernels.    Again, see the paper.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20181030/145a1140/attachment.sig>

More information about the Gnupg-devel mailing list