bobcats icon indicating copy to clipboard operation
bobcats copied to clipboard
verified publisher icon typelevel

Switch over calls which hit the OS entropy source to `F.blocking`

Open yilinwei opened this issue 2 years ago • 3 comments

yilinwei avatar Aug 01 '23 18:08 yilinwei

For native, https://www.openssl.org/docs/man3.0/man3/EVP_RAND_fetch.html is the call which reads /udev/random.

yilinwei avatar Aug 10 '23 15:08 yilinwei

Linking to discussion about SecureRandom in https://github.com/typelevel/cats-effect/issues/2882#issuecomment-1586569250.

It would be good to avoid blocking if possible since it adds considerable overhead.

For Native, getrandom is promising. With the GRND_NONBLOCK flag it will actually return immediately with an error if it would block. So we could do something like F.delay(...) and retry with F.blocking(...) only if necessary.

https://man7.org/linux/man-pages/man2/getrandom.2.html

armanbilge avatar Aug 10 '23 16:08 armanbilge

Note, for native it reads something tiny like 32-bits to seed. Especially if we pool it and share our RAND across all the instances. You'd have a single top level F.blocking. I need to look into Node and the JVM.

yilinwei avatar Aug 10 '23 16:08 yilinwei