Make -devrandom option a no-op?
#596
Comments
|
I don't mind if it is removed / replaced with a no-op, at least for me it is no longer that relevant (due to the newer Go version and modern Linux kernels used). Note that Linux now also generates entropy instead of returning low quality randomness to usermode right after startup: https://lwn.net/Articles/802360/. Best regards, |
rfjakob
added a commit
that referenced
this issue
Aug 25, 2021
Commit f3c777d added the `-devrandom` option: commit f3c777d Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. #596
|
Done in 61ef6b0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Commit f3c777d added the
-devrandomoption:We now require Go 1.13 (a5f88e8)
However, it looks like kernel 3.16 is still alive with the last commit only a year ago: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=linux-3.16.y
@slackner do you think
-devrandomis still useful?The text was updated successfully, but these errors were encountered: