Re: Support getrandom() for pg_strong_random() source

From: Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>
To: Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>
Cc: Peter Eisentraut <peter(at)eisentraut(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Support getrandom() for pg_strong_random() source
Date: 2025-08-08 22:37:42
Message-ID: CAOYmi+nipMzpYjnCsX7WVy0Hczr5dAsUexHOmjMQ9tbPKuSzxg@mail.gmail.com
Lists: pgsql-hackers

On Fri, Aug 8, 2025 at 3:25 PM Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> wrote:
> On the other hand, I found a blog post[3] (a 10-year-old post) that on
> Solaris the output of getentropy() should not be used where randomness
> is needed. I'm not sure it's still true but I guess that it might be
> reasonable to consider that this is correct behavior in principle, and
> that the behavior of glibc etc. is in some sense an exception.

Thanks for finding that! Ah, FIPS:

> More specifically the data returned by getentropy(2) has not had the required FIPS 140-2 processing for the DRBG applied to it.

So FIPS compliance is a case where "a stream of numbers would be
suitable for seeding a CSPRNG, but not suitable as output from a
CSPRNG". That's evidence enough for me to abandon my preference for
getentropy() (whether Solaris still does that or not).

I've been looking at libsodium's randomness implementations [1]:

> On Windows systems, the RtlGenRandom() function is used.
> On OpenBSD and Bitrig, the arc4random() function is used.
> On recent FreeBSD and Linux kernels, the getrandom system call is used.
> On other Unices, the /dev/urandom device is used.

(Note that libsodium has some internal concept of a "safe" arc4random
implementation, which it locks to certain platforms. If an OS is still
literally using RC4 we would not want to use it.)

So, my next question: is getrandom() always preferable to /dev/urandom?

--Jacob

[1] https://doc.libsodium.org/generating_random_data
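The getrandom()-first, /dev/urandom-second ordering that the message lifts from libsodium's documentation, written out as an added C example. This is not PostgreSQL's pg_strong_random() and not libsodium's code; the names strong_random_fill(), strong_random_last_source() and strong_random_selftest() are this example's own. It uses the raw SYS_getrandom syscall so that it compiles on libcs without the wrapper, retries on EINTR and short reads, and falls back to /dev/urandom only when getrandom() is unavailable or refused (ENOSYS, EPERM), not on a transient error. The one behavioural difference worth knowing when deciding whether getrandom() is "always preferable": with flags = 0 it blocks until the kernel pool is initialized, whereas reading /dev/urandom does not, which is the property that matters for key material generated early in boot.

```c
/* Added example (not PostgreSQL's pg_strong_random() and not libsodium's
 * code): fill a buffer from the kernel CSPRNG, preferring the getrandom()
 * system call and falling back to /dev/urandom when the call is unavailable
 * (old kernel, ENOSYS) or blocked (e.g. a seccomp filter returning EPERM). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

/* Which source satisfied the last successful call: 0 = none yet,
 * 1 = getrandom(), 2 = /dev/urandom. Kept for inspection only. */
static int last_source_used = 0;

/* Try getrandom(2) via the raw syscall so this compiles on libcs that lack
 * the wrapper. flags = 0 blocks until the kernel pool is initialized, which
 * is the behaviour wanted for key material. Returns true if the whole buffer
 * was filled, false if the call is unavailable or failed. */
static bool fill_from_getrandom(unsigned char *buf, size_t len)
{
#if defined(__linux__) && defined(SYS_getrandom)
    size_t got = 0;
    while (got < len) {
        long n = syscall(SYS_getrandom, buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return false;       /* ENOSYS, EPERM or anything else: let caller fall back */
        }
        got += (size_t) n;      /* short reads are legal for requests above 256 bytes */
    }
    return true;
#else
    (void) buf; (void) len;
    return false;               /* no getrandom() on this platform */
#endif
}

/* Fallback: read the whole buffer from /dev/urandom, tolerating EINTR and
 * short reads. O_CLOEXEC keeps the descriptor from leaking into children. */
static bool fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return false;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return false;
        }
        if (n == 0) {           /* EOF: the device is not what we expected */
            close(fd);
            return false;
        }
        got += (size_t) n;
    }
    close(fd);
    return true;
}

/* Public entry point: true only if every byte of buf was written from a
 * kernel CSPRNG source. On failure the buffer is cleared so a caller that
 * ignores the return value does not use stale stack contents as a key. */
bool strong_random_fill(void *buf, size_t len)
{
    unsigned char *p = buf;
    if (fill_from_getrandom(p, len)) {
        last_source_used = 1;
        return true;
    }
    if (fill_from_urandom(p, len)) {
        last_source_used = 2;
        return true;
    }
    memset(buf, 0, len);
    last_source_used = 0;
    return false;
}

int strong_random_last_source(void) { return last_source_used; }

/* Cheap sanity check, usable as a startup self-test: two 32-byte draws must
 * succeed, must differ from each other and must not be all zero. This does
 * not prove the output is random, only that the plumbing is not broken. */
bool strong_random_selftest(void)
{
    unsigned char a[32], b[32], zero[32] = {0};
    if (!strong_random_fill(a, sizeof a) || !strong_random_fill(b, sizeof b))
        return false;
    return memcmp(a, b, sizeof a) != 0 && memcmp(a, zero, sizeof a) != 0;
}
```

The fallback is deliberately narrow: a transient failure from getrandom() is retried or reported, never silently papered over by a different source, so that a deployment which expects getrandom() notices when it is not actually being used (strong_random_last_source() exposes that).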
