@@ -19,55 +19,46 @@ use std::io::Read;
1919
2020use rand_core:: { RngCore , Error , ErrorKind , impls} ;
2121
22- /// A random number generator that retrieves randomness straight from
23- /// the operating system.
22+ /// A random number generator that retrieves randomness straight from the
23+ /// operating system. This is the preferred external source of randomness for
24+ /// most applications. Commonly it is used to initialize a user-space RNG, which
25+ /// can then be used with much lower overhead.
2426///
25- /// Platform sources:
27+ /// Sometimes there is the misconception that `OsRng` somehow provides 'better'
28+ /// random numbers than some good user-space cryptographic random number
29+ /// generator. This is not true, but `OsRng` has a role in initializing such an
30+ /// RNG. The initial seed of randomness has to come from somewhere.
2631///
27- /// - Linux, Android: read from `getrandom(2)` system call if available,
28- /// otherwise from` /dev/urandom`.
29- /// - MacOS, iOS: calls SecRandomCopyBytes.
30- /// - Windows: calls `RtlGenRandom`, exported from `advapi32.dll` as
31- /// `SystemFunction036`.
32+ /// You may prefer to use [`EntropyRng`] instead of `OsRng`. Is is unlikely, but
33+ /// not entirally theoretical, for `OsRng` to fail. In such cases `EntropyRng`
34+ /// falls back on a good alternative entropy source.
35+ ///
36+ /// `OsRng` usually does not block. On some systems, and notably virtual
37+ /// machines, it may block very early in the init process, when the OS CSPRNG
38+ /// has not yet been seeded.
39+ ///
40+ /// ## Platform sources:
41+ ///
42+ /// - Linux, Android: reads from the `getrandom(2)` system call if available,
43+ /// otherwise from `/dev/urandom`.
44+ /// - macOS, iOS: calls `SecRandomCopyBytes`.
45+ /// - Windows: calls `RtlGenRandom`.
3246/// - WASM: calls `window.crypto.getRandomValues` in browsers,
33- /// `require("crypto").randomBytes` in Node.js .
47+ /// and in Node.js `require("crypto").randomBytes`.
3448/// - OpenBSD: calls `getentropy(2)`.
3549/// - FreeBSD: uses the `kern.arandom` `sysctl(2)` mib.
3650/// - Fuchsia: calls `cprng_draw`.
3751/// - Redox: reads from `rand:` device.
3852/// - CloudABI: calls `random_get`.
39- /// - Other Unix-like systems: read directly from `/dev/urandom`.
40- ///
41- /// This usually does not block. On some systems (e.g. FreeBSD, OpenBSD,
42- /// Max OS X, and modern Linux) this may block very early in the init
43- /// process, if the CSPRNG has not been seeded yet.[1]
44- ///
45- /// *Note*: many Unix systems provide `/dev/random` as well as `/dev/urandom`.
46- /// This module uses `getrandom` if available, otherwise `/dev/urandom`, for
47- /// the following reasons:
53+ /// - Other Unix-like systems: reads directly from `/dev/urandom`.
54+ /// Note: many Unix systems provide `/dev/random` as well as `/dev/urandom`.
55+ /// On all modern systems these two interfaces offer identical quality, with
56+ /// the difference that on some systems `/dev/random` may block. This is a
57+ /// dated design, and `/dev/urandom` is preferred by cryptography experts. [1]
4858///
49- /// - On Linux, `/dev/random` may block if entropy pool is empty;
50- /// `/dev/urandom` will not block. This does not mean that `/dev/random`
51- /// provides better output than `/dev/urandom`; the kernel internally runs a
52- /// cryptographically secure pseudorandom number generator (CSPRNG) based on
53- /// entropy pool for random number generation, so the "quality" of
54- /// `/dev/random` is not better than `/dev/urandom` in most cases. However,
55- /// this means that `/dev/urandom` can yield somewhat predictable randomness
56- /// if the entropy pool is very small, such as immediately after first
57- /// booting. Linux 3.17 added the `getrandom(2)` system call which solves
58- /// the issue: it blocks if entropy pool is not initialized yet, but it does
59- /// not block once initialized. `OsRng` tries to use `getrandom(2)` if
60- /// available, and use `/dev/urandom` fallback if not. If an application
61- /// does not have `getrandom` and likely to be run soon after first booting,
62- /// or on a system with very few entropy sources, one should consider using
63- /// `/dev/random` via `ReadRng`.
64- /// - On some systems (e.g. FreeBSD, OpenBSD and Mac OS X) there is no
65- /// difference between the two sources. (Also note that, on some systems
66- /// e.g. FreeBSD, both `/dev/random` and `/dev/urandom` may block once if
67- /// the CSPRNG has not seeded yet.)
59+ /// [1] See [Myths about urandom](https://www.2uo.de/myths-about-urandom/).
6860///
69- /// [1] See <https://www.python.org/dev/peps/pep-0524/> for a more
70- /// in-depth discussion.
61+ /// [`EntropyRng`]: struct.EntropyRng.html
7162
7263#[ allow( unused) ] // not used by all targets
7364pub struct OsRng ( imp:: OsRng ) ;
0 commit comments