Greg Price <gnp...@gmail.com
> Good question to ask. All of these are fine. The promise /dev/urandom makes
> is that, once it's properly initialized (*), every byte you read from it is
> cryptographically indistinguishable from a uniform random byte, uniformly
> random independent of every other byte ever read from it.
Greg thank you for the explanation and links for further reading.
Do you know know why there some special precautions in various
reads are "chunked" into blocks of 1048576 bytes. Why? An then sleeping sometimes?
libsodium seems to require sometime another random distribution and offers:
uint32_t randombytes_sysrandom_uniform(const uint32_t upper_bound)
which does some shaping. Addionally it seems to check for other error
possiblities (S_ISCHR,errno == EINTR) compared to the NaCL implementation while opening /dev/urandom.
And no sleeps?
I would have expected a blocking read of /dev/random to fill the gap until
/dev/urandom is ready, but both implementations do not provide
it. Thread safety does not seem to be a concern either?
Is there an explanation known for these precautions and design decisions?