TIL Apple deprecated getentropy() because they like weak keys from cryptographic software working around broken platforms with no safe API for cryptographic entropy.
Worth noting that OpenBSD only intends getentropy for use by arc4random:
man.openbsd.org/getentropy.2
> getentropy() is not intended for regular code; please use the arc4random(3) family of functions instead.
They use man.openbsd.org/minherit.2 with MAP_INHERIT_ZERO to reset on fork.
It rotates the ChaCha20 key whenever it finishes using up the current small cache and occasionally reseeds itself.
It's meant to alleviate the need to use anything else by avoiding system call overhead but doesn't really achieve that due to global state rather than thread-local.
ChaCha20 also has an extremely high security margin. It would be a lot faster to use ChaCha12 while still having a higher security margin than AES256. ChaCha8 is also perfectly reasonable. Means it doesn't really succeed at the goal of deterring people using something faster.


