|
| 1 | +Add an internal multi-backend entropy system |
| 2 | + |
| 3 | +This Phobos release introduces an internal multi-backend system for the |
| 4 | +retrieval of entropy (as in cryptographically-secure random numbers obtained |
| 5 | +from a suitable random number generator provided by the operating system). |
| 6 | + |
| 7 | +The current implementation supports the `getrandom` syscall on Linux. |
| 8 | + |
| 9 | +On BSD systems `arc4random_buf` or `getentropy` are used — depending on |
| 10 | +which is implemented by the OS and powered by a secure (non-RC4) algorithm. |
| 11 | + |
| 12 | +Additionally, reading entropy from the character devices `/dev/urandom` and |
| 13 | +`/dev/random` is available on all POSIX targets. |
| 14 | + |
| 15 | +On Windows `BCryptGenRandom` (from the |
| 16 | +$(I Cryptography API: Next Generation (“BCrypt”))) is provided as a backend. |
| 17 | +`CryptGenRandom` from the legacy $(I CryptoAPI) is not supported for the time |
| 18 | +being. |
| 19 | + |
| 20 | +Furthermore, this replaces the `getrandom` backwards compatibility shim |
| 21 | +that had been added by v2.111.1 for Linux targets. |
| 22 | +Instead backwards compatibility is now provided by a hunt strategy algorithm |
| 23 | +that tries potentially available entropy sources one by one to find one that |
| 24 | +is available on the running system. |
| 25 | +Given that the character devices serve as a fallback option here, |
| 26 | +`urandom` is favored over `random`. That is because modern kernel versions — |
| 27 | +where `random` would exhibit the usually more preferable behavior of blocking |
| 28 | +only until the entropy pool has been initialized — will also provide the |
| 29 | +`getrandom` syscall in the first place. Performing the syscall, in turn, is |
| 30 | +even better as it does not depend on the runtime environment exposing the |
| 31 | +special devices in predefined locations, thus working also within chroot |
| 32 | +environments. |
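Review bot: The hunt-strategy paragraph (changelog lines 22-24) does not say what happens when none of the tried entropy sources is available on the running system, which is the behavior a caller relying on cryptographically secure output most needs documented. Suggest adding a sentence stating the order in which backends are tried and whether the request fails with an error when the hunt finds nothing. The `urandom` rationale on lines 25-32 explains why `random` is not preferred but leaves the trade-off of the fallback implicit: it would help to state directly what guarantee a caller gets when the `urandom` path is taken on a kernel without `getrandom`. The BSD sentence on lines 9-10 could likewise say whether the choice between `arc4random_buf` and `getentropy` is made at compile time or at run time. Minor: "Instead backwards compatibility" on line 22 wants a comma after "Instead".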