DJB librandombytes


Jan 26

New librandombytes: This is designed to shield applications from having to worry about random() not being very random, RAND_bytes() maybe failing, older machines not having getrandom(), /dev/urandom maybe not being initialized, /dev/random being slow, etc.

Seems to be a one stop shop to mitigate all the slowness and silent failure disasters with Linux PRNGs.

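The failure modes listed in the post above (RAND_bytes() returning an error, getrandom() missing on older kernels, /dev/urandom read before the pool is seeded, interrupted or short reads) are exactly what a randombytes()-style wrapper has to absorb so the caller never has to check. The C below is an added example written for this page, not the librandombytes source: it keeps the same "kernel RNG only, fail loudly" contract, using getrandom(2) where the header is available and a carefully looped /dev/urandom read otherwise. The function names (safe_randombytes, safe_randombytes_or_die, randombytes_self_test, randombytes_distinct_values) are this example's own, not the library's API.

```c
/* Added example, not librandombytes code: a minimal kernel-RNG-only
 * randombytes() wrapper that retries on EINTR and short reads and reports
 * failure instead of silently handing back unfilled or weak bytes. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#if defined(__has_include)
#if __has_include(<sys/random.h>) && defined(__linux__)
#include <sys/random.h>
#define HAVE_GETRANDOM 1
#endif
#endif

/* Fallback: fill x[0..xlen-1] from /dev/urandom. Returns 0 on success, -1 on
 * failure. Caveat: /dev/urandom never tells the caller whether the kernel
 * pool is seeded yet, which is why getrandom() is preferred when present. */
static int fill_from_devurandom(unsigned char *x, size_t xlen) {
    int fd;
    do {
        fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    } while (fd == -1 && errno == EINTR);
    if (fd == -1) return -1;
    while (xlen > 0) {
        ssize_t n = read(fd, x, xlen);
        if (n < 0 && errno == EINTR) continue;   /* signal: retry the read */
        if (n <= 0) { close(fd); return -1; }     /* error or EOF: refuse */
        x += (size_t)n;                           /* short read: keep going */
        xlen -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fill buf[0..xlen-1] from the kernel RNG. getrandom(2) with flags=0 blocks
 * until the pool is initialized, so early-boot callers wait for real entropy
 * instead of receiving predictable bytes. Returns 0 on success, -1 on failure. */
int safe_randombytes(void *buf, size_t xlen) {
    unsigned char *x = buf;
#ifdef HAVE_GETRANDOM
    while (xlen > 0) {
        ssize_t n = getrandom(x, xlen, 0);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted while blocking */
            if (errno == ENOSYS) break;      /* kernel too old: fall back */
            return -1;
        }
        x += (size_t)n;     /* getrandom may return fewer bytes than asked */
        xlen -= (size_t)n;
    }
    if (xlen == 0) return 0;
#endif
    return fill_from_devurandom(x, xlen);
}

/* The "never continue without random bytes" contract: abort rather than
 * let the caller proceed with an unfilled key buffer. */
void safe_randombytes_or_die(void *buf, size_t xlen) {
    if (safe_randombytes(buf, xlen) != 0) {
        perror("randombytes");
        abort();
    }
}

/* Returns 1 if two successive 32-byte draws are non-zero and distinct. */
int randombytes_self_test(void) {
    unsigned char a[32], b[32], zero[32] = {0};
    if (safe_randombytes(a, sizeof a) != 0) return 0;
    if (safe_randombytes(b, sizeof b) != 0) return 0;
    return memcmp(a, zero, sizeof a) != 0 && memcmp(a, b, sizeof a) != 0;
}

/* Returns how many distinct byte values appear in n random bytes, or -1.
 * For n = 4096 a working RNG yields all 256 with overwhelming probability. */
int randombytes_distinct_values(size_t n) {
    unsigned char *buf = malloc(n ? n : 1);
    int seen[256] = {0}, count = 0;
    if (!buf || safe_randombytes(buf, n) != 0) { free(buf); return -1; }
    for (size_t i = 0; i < n; i++) seen[buf[i]] = 1;
    for (int v = 0; v < 256; v++) count += seen[v];
    free(buf);
    return count;
}

int main(void) {
    unsigned char key[32];
    safe_randombytes_or_die(key, sizeof key);   /* e.g. a fresh symmetric key */
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    printf("\n");
    return 0;
}
```

The two things worth noting for review are the retry loop (both getrandom() and read() may legitimately return fewer bytes than requested, and a wrapper that ignores that leaves the tail of the buffer uninitialized) and the residual risk on the fallback path: on a kernel without getrandom(), /dev/urandom can be read before it is seeded and nothing in userspace can detect that, which is the "/dev/urandom maybe not being initialized" hazard the post mentions. The OpenSSL backend the library offers as a performance backup is not modelled here.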

A C library.

Not going to improve entropy system-wide. Only for applications that explicitly make use of the library.


librandombytes does not provide a new RNG; it is a wrapper around existing RNGs. It does not wrap every available RNG; it limits the number of options to simplify review. It takes the maximally centralized option, the OS kernel’s RNG, by default; it provides one backup option, the OpenSSL RNG, just in case this is critical for system performance.

There’s a lot of nice content here:

A lot of it would be useful quotations in the wiki, here: