Gnulib module: getrandom
Portability problems fixed by Gnulib:
Portability problems not fixed by Gnulib:
GRND_INSECUREflag is missing on some platforms: glibc 2.34, macOS 10.15, GNU/kFreeBSD, FreeBSD 12.0, OpenBSD 6.7, Minix 3.3, Haiku.
GRND_RANDOMflag has different effects on different platforms. Some platforms ignore the flag, or yield data that can fail to be random in some cases.
Although this function is intended to produce random data, the data’s security properties may not be appropriate for your application. For example, identical “random” data streams might be produced by rebooted virtual machines. If this is of concern you may need to use additional techniques such as hedging.2
Related modules include
getentropy, which has a simpler but
more-limited API, and
crypto/gc-random, which is likely a
better match for code already using the other
Ristenpart T, Yilek S. When good randomness goes bad: virtual machine vulnerabilities and hedging deployed cryptography. NDSS 2010.