Providing a user-space CSPRNG requires care and attention to detail, but I think we should do it anyway, because it’s the only way to get both the performance that most people want, and the randomness strength that people ought to want (whether they know it or not).
And it’s honestly not that hard. For one thing, if the C library provides arc4random_buf, just call that and you’re done. This exists on most of the BSDs nowadays, and I think musl libc has it as well, and there are plans to get it into glibc (but that might take a while, sigh).
If the C library doesn’t take care of it for you, then the hard part is not the algorithm — any modern stream cipher will do just fine — but making sure it’s properly seeded and the internal state doesn’t leak and can’t be duplicated. This is just a bunch of fiddly little details and an obsessive test suite. The only thing that I know can’t be done reliably on Linux right now is protection against someone calling the raw fork or clone syscalls behind your back (you need MAP_INHERIT_ZERO for that).
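An added example, not the poster's code, of the "fiddly little details" the comment is talking about: a minimal user-space CSPRNG in C that seeds from getrandom(2), expands the seed with ChaCha20, refuses to run unseeded, and reseeds in the child through a pthread_atfork handler. As the comment says, a raw fork or clone syscall bypasses that handler, so this is the libc-fork() case only; all function and variable names here are my own.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdint.h>
#include <string.h>
#include <sys/random.h>

#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
                       a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7);
static uint32_t state[16];   /* ChaCha20 state: constants, 256-bit key, counter, nonce */
static int need_reseed = 1;  /* set at start, and again in the child by the atfork hook */
static void chacha_block(uint32_t out[16]) {   /* one 64-byte keystream block */
    uint32_t x[16]; memcpy(x, state, sizeof x);
    for (int i = 0; i < 10; i++) {             /* 20 rounds: column then diagonal */
        QR(x[0], x[4], x[8], x[12])  QR(x[1], x[5], x[9], x[13])
        QR(x[2], x[6], x[10], x[14]) QR(x[3], x[7], x[11], x[15])
        QR(x[0], x[5], x[10], x[15]) QR(x[1], x[6], x[11], x[12])
        QR(x[2], x[7], x[8], x[13])  QR(x[3], x[4], x[9], x[14])
    }
    for (int i = 0; i < 16; i++) out[i] = x[i] + state[i];
    if (++state[12] == 0) state[13]++;         /* 64-bit block counter */
}
static void child_hook(void) { need_reseed = 1; }   /* child must not continue parent's stream */
/* Take a fresh key from the kernel. Fails closed: returns 0 if getrandom() can't fill it. */
static int reseed(void) {
    static int hooked; uint8_t key[32];
    if (!hooked) { pthread_atfork(NULL, NULL, child_hook); hooked = 1; }
    if (getrandom(key, sizeof key, 0) != (ssize_t)sizeof key) return 0;
    memcpy(state, "expand 32-byte k", 16);
    memcpy(state + 4, key, sizeof key);
    memset(state + 12, 0, 16);     /* counter and nonce restart with every new key */
    memset(key, 0, sizeof key);    /* may be optimized out; real code uses explicit_bzero */
    need_reseed = 0; return 1;
}
/* Fill buf with len bytes. Returns 1, or 0 if seeding failed (never hands out unseeded output).
   Single-threaded sketch: a real library adds a lock and keeps state out of core dumps and swap. */
int csprng_bytes(uint8_t *buf, size_t len) {
    if (need_reseed && !reseed()) return 0;
    while (len) {
        uint32_t block[16]; size_t n = len < sizeof block ? len : sizeof block;
        chacha_block(block);
        memcpy(buf, block, n); buf += n; len -= n;
        memset(block, 0, sizeof block);   /* wipe keystream once copied out */
    }
    return 1;
}
int csprng_selftest(void) {   /* two draws must succeed, differ, and not be all zero */
    uint8_t a[80] = {0}, b[80] = {0}, z[80] = {0};
    return csprng_bytes(a, 80) && csprng_bytes(b, 80) && memcmp(a, b, 80) && memcmp(a, z, 80);
}
```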