Re: Support getrandom() for pg_strong_random() source

> On 30 Jul 2025, at 13:10, Peter Eisentraut <peter@eisentraut.org> wrote:
>
> On 30.07.25 08:59, Masahiko Sawada wrote:
>> I've updated the patch to support getentropy() instead of getrandom().
>
> The point still stands that the number of installations without OpenSSL support is approximately zero, so what is the
purposeof this patch if approximately no one will be able to use it? 

The main usecase I've heard discussed (mostly in hallway tracks IIRC) is to
allow multiple PRNG's so that codepaths which favor performance over
cryptographic properties can choose, this would not be that but a small step on
that path (whether or not that's the appropriate step is debatable).

For installations without OpenSSL, getrandom() as an API over /dev/urandom
still works when /dev is chrooted away.  That subset might be too small to
spend code on though.

--
Daniel Gustafsson