From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
---|---|
To: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Support getrandom() for pg_strong_random() source |
Date: | 2025-08-25 20:06:56 |
Message-ID: | CAOYmi+=rNEAx4MHzMh3wDMpZ=wunBsnCXn-PML2AokygyWWJdA@mail.gmail.com |
Lists: | pgsql-hackers |

On Mon, Aug 25, 2025 at 11:30 AM Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> wrote:
> > Gathering a couple of considerations from upthread:
> > - FIPS behavior
>
> Do you mean random numbers generated by getrandom() comply with FIPS?
> Based on my research, there doesn't appear to be any explicit
> statement indicating that Linux's CSPRNG module complies with FIPS
> requirements. However, there is a proposal to implement LRNG[1], which
> would be FIPS-compliant.

Right. I guess what I'm asking with that particular bullet point is:
If, tomorrow, I threw caution to the wind and proposed that we use
getrandom() on Linux over OpenSSL by default, would any FIPS users
complain? Or are they all using distributions that have already
applied FIPS patches to the getrandom() part of the kernel anyway?

(But I intended for that to be a possible future point of discussion,
not a blocker for your smaller proposal.)

Thanks,
--Jacob