
1. That's not random number generation code, that's code that uses random number generators.

2. What algorithm? It's just RDRAND.

3. Where else would you pass them?

4. What do you mean 'they'? CPU manufacturers?

You might also be interested in this comment: https://github.com/systemd/systemd/blob/bcac754d66374782a85a...



Not sure if you followed the links I posted, but as Poettering said, the problem is that there are collisions in UUIDs. UUID generation should be robust to random number collisions.


So you actually want them to wrap RDRAND in their own random number generator?

> UUID generation should be robust to random number collisions.

The UUID standards say that nowhere at all, it is only acknowledged that collisions may happen even if they are unlikely.


The purpose of a UUID is to be unique, not random. There is no need to wrap RDRAND in another random generator. One can use time/counter as one part of the UUID and a kernel-provided PRNG, e.g. getrandom(2), for another part.


> getrandom(2) for another part.

But you cannot use getrandom().

During early boot, the kernel will either block indefinitely and/or log the uninitialized urandom read as a security problem. It was the entire reason that brought systemd's rdrand code into existence.
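The trade-off in the last two comments (time/counter plus kernel randomness, versus getrandom(2) not being ready during early boot), as an added example that is not part of the thread and not systemd's code: it calls getrandom() with GRND_NONBLOCK so the call returns EAGAIN instead of blocking, and the time and counter fields still make the ID unique within the process. The name `make_id` and the 16-byte layout are assumptions for illustration, not an RFC UUID version, and the ID is meant for uniqueness only, not secrecy.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <time.h>

#define ID_LEN 16

/* Hypothetical layout (not an RFC UUID version):
 * bytes 0-7 wall-clock nanoseconds, 8-9 call counter, 10-15 random. */
/* Returns 1 if the random field was filled, 0 if the kernel pool is not
 * initialised yet (random field left zero), -1 on any other error. */
int make_id(uint8_t out[ID_LEN])
{
    static uint16_t counter;   /* per-process, not thread-safe */
    struct timespec ts;

    if (timespec_get(&ts, TIME_UTC) != TIME_UTC)
        return -1;
    uint64_t ns = (uint64_t)ts.tv_sec * 1000000000ull + (uint64_t)ts.tv_nsec;
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(ns >> (56 - 8 * i));   /* big-endian time */

    uint16_t c = counter++;
    out[8] = (uint8_t)(c >> 8);
    out[9] = (uint8_t)c;

    memset(out + 10, 0, 6);
    /* GRND_NONBLOCK: fail with EAGAIN instead of blocking in early boot. */
    ssize_t n = getrandom(out + 10, 6, GRND_NONBLOCK);
    if (n == 6)
        return 1;
    if (n < 0 && errno == EAGAIN)
        return 0;   /* caller decides whether time+counter is enough */
    return -1;
}

int main(void)
{
    uint8_t id[ID_LEN];
    int r = make_id(id);
    if (r < 0) { perror("make_id"); return 1; }
    for (int i = 0; i < ID_LEN; i++)
        printf("%02x", id[i]);
    puts(r ? "" : " (no kernel randomness yet)");
    return 0;
}
```

A return value of 0 tells the caller that uniqueness rests on the time and counter fields alone, which holds within one process but not across hosts that boot with the same clock value.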



