Skip to Content [alt-c]
In reply to Comment by Reader Antoine
From my own selfish perspective, I completely agree with you, since I'm a C++ programmer and I wrap calls to RAND_bytes in a function that checks the return value and throws an exception if it fails. I don't want my programs raising SIGKILL on error. However, I'm all too aware of how cryptographic libraries are used in practice, and since OpenSSL/LibreSSl is a C library, it's all too likely that programmers are going to ignore the return value of RAND_bytes. Fortunately, a missing /dev/urandom is a pretty exceptional error so raising SIGKILL is not too unreasonable.
Reply
Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
monospaced
Post a Reply
Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.