You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some platforms provide hardware-based "true" RNG sources which can be faster and have smaller footprint than using OS-provided APIs. For example: the RDRAND instruction (x86), the RNDR register (ARM, see #494), the seed CSR (RISC-V). In most cases users should prefer OS-provided APIs because they are more widely available, likely less buggy (see comments in the rdrand module), and there are less security concerns about them. But in some controlled cases it could be useful to be able to switch to these entropy sources.
Crate features could be used for that, but they are not a good fit since, strictly speaking, change of entropy backend is not "additive". Some users also misuse those features and enable them unconditionally in library crates. It's probably better to use configuration flags (i.e. cfg(getrandom = "rdrand")). In future we may replace them with something like mutually exclusive features.
This configuration flag should probably replace the existing linux_disable_fallback, rdrand, and js features. The last one is the most debatable. It's the most used feature compared to the other two, so replacing it with a configuration flag may result in complaints from developers targeting Web WASM.
We also can gate support of "problematic" targets such as ESP-IDF (see #397) behind such flag to improve visibility of potential issues with such targets.
The text was updated successfully, but these errors were encountered:
Some platforms provide hardware-based "true" RNG sources which can be faster and have smaller footprint than using OS-provided APIs. For example: the RDRAND instruction (x86), the RNDR register (ARM, see #494), the
seed
CSR (RISC-V). In most cases users should prefer OS-provided APIs because they are more widely available, likely less buggy (see comments in therdrand
module), and there are less security concerns about them. But in some controlled cases it could be useful to be able to switch to these entropy sources.Crate features could be used for that, but they are not a good fit since, strictly speaking, change of entropy backend is not "additive". Some users also misuse those features and enable them unconditionally in library crates. It's probably better to use configuration flags (i.e.
cfg(getrandom = "rdrand")
). In future we may replace them with something like mutually exclusive features.This configuration flag should probably replace the existing
linux_disable_fallback
,rdrand
, andjs
features. The last one is the most debatable. It's the most used feature compared to the other two, so replacing it with a configuration flag may result in complaints from developers targeting Web WASM.We also can gate support of "problematic" targets such as ESP-IDF (see #397) behind such flag to improve visibility of potential issues with such targets.
The text was updated successfully, but these errors were encountered: