Linux 5.6 Seeing Random Changes, New "Insecure" Option With GRND_INSECURE
1 min read
Jan 08, 2020
The recent work by longtime kernel developer Andy Lutomirski on improving Linux's random APIs and introducing a new "GRND_INSECURE" option is now queued into the random dev queue ahead of the Linux 5.6 cycle. Learn more:
These changes to the random number generation add a new GRND_INSECURE flag for getentropy() and removes the blocking pool (though /dev/random can still block after the system has booted). These changes provide for some code cleanups and GRND_INSECURE allows returning potentially "insecure" random data.
Depending upon the system state, GRND_INSECURE output may not meet the standards for being cryptographically random but is enough for the kernel providing the best random output it can when requested. GRND_INSECURE is sufficient for "best-effort non-cryptographic bytes" when users may not necessarily need strong random output.
The link for this article located at Phoronix is no longer available.
Related Articles
1 - 0 min read
Linux vs. Windows: A Critical Look at Desktop Choices
1 - 0 min read
Linux Version of DinodasRAT Raises Serious Security Concerns
