From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
---|---|
To: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Support getrandom() for pg_strong_random() source |
Date: | 2025-08-18 15:38:25 |
Message-ID: | CAOYmi+=8E4KrtdY0henZFHL6st=VchYErba8M5NsygSCxEV8Yg@mail.gmail.com |
Lists: | pgsql-hackers |

On Thu, Aug 14, 2025 at 3:16 PM Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> wrote:
>
> On Fri, Aug 8, 2025 at 3:37 PM Jacob Champion
> <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> > So, my next question: is getrandom() always preferable to /dev/urandom?
>
> I believe so. While /dev/urandom source should be kept as a fallback
> for older kernels, we should use getrandom() if available. For
> example, getrandom() can be used even in the face of file-descriptor
> exhaustion and lack of access to the random devices[1]. Also, it would
> be much faster than reading /dev/urandom as I shared the benchmark
> result[2].

Yeah. My personal reasons to be excited about it are

1) the newer, more sensible one-shot blocking behavior for safety, and
2) the ability for the OS to figure out when a virtualized environment
has potentially "forked"

So I think I would be in favor of adding this as an always-preferred
alternative to /dev/urandom, to begin.

Thinking a bit further ahead: what are some criteria we would need to
research to decide whether getrandom() would be preferable to OpenSSL?
Gathering a couple of considerations from upthread:

- FIPS behavior
- Speed vs. size of a "typical" request
- Version-specific behavior of OpenSSL and/or the OS
- Need for safety in virtualized environments
- ...?

Thanks,
--Jacob
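
The getrandom()-first ordering with /dev/urandom kept as a fallback, and the file-descriptor-exhaustion case mentioned in the quoted text, as an added C example; it is not the patch under discussion and not PostgreSQL code. The names `strong_random_bytes`, `urandom_bytes` and `demo_fd_exhaustion` are hypothetical, and the code assumes Linux with a libc that provides `<sys/random.h>`.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>
#include <sys/resource.h>
#include <unistd.h>

/* Fallback path: needs a free descriptor and access to the device node. */
static int urandom_bytes(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return 0;              /* EMFILE, or no device node in a chroot */
    while (len > 0) {
        ssize_t n = read(fd, buf, len);
        if (n > 0) {
            buf += n;
            len -= (size_t) n;
        } else if (n == 0 || errno != EINTR)
            break;
    }
    close(fd);
    return len == 0;
}

/* Hypothetical helper: getrandom() first, device only if the syscall is absent. */
int strong_random_bytes(unsigned char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = getrandom(buf, len, 0);  /* 0: blocks only until first seeding */
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return errno == ENOSYS ? urandom_bytes(buf, len) : 0;
        buf += n;
        len -= (size_t) n;
    }
    return 1;
}

/* Constructed demo: soft fd limit set to 0; returns 1 if only getrandom() worked. */
int demo_fd_exhaustion(void)
{
    struct rlimit old;
    unsigned char a[32], b[32];
    if (getrlimit(RLIMIT_NOFILE, &old) != 0) return -1;
    struct rlimit none = { .rlim_cur = 0, .rlim_max = old.rlim_max };
    if (setrlimit(RLIMIT_NOFILE, &none) != 0) return -1;
    int dev_ok = urandom_bytes(a, sizeof a);
    int sys_ok = strong_random_bytes(b, sizeof b);
    setrlimit(RLIMIT_NOFILE, &old);
    return !dev_ok && sys_ok;
}
```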