Comment 1 for bug 1811758

dkg (dkg0) wrote :

To be clear, the problem with using /dev/urandom as a backend is that it's possible to feed data from an uninitialized pool into the guest.

And the problem with using /dev/random as a backend is that it's possible for a guest to starve the other host (and other guests) of entropy, since it pulls from the blocking pool.

getrandom() only blocks when the CSPRNG is not initialized, otherwise it never blocks. This is the right behavior by default.
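
The getrandom() behavior described in the comment above, as an added example that is not part of the comment or of the code under discussion in this bug. It assumes Linux with glibc 2.25 or later; `fill_random` and the `RNG_*` codes are hypothetical names chosen for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>   /* getrandom(), GRND_NONBLOCK */
#include <sys/types.h>    /* ssize_t */

/* Hypothetical return codes, this example's own convention. */
enum { RNG_OK = 0, RNG_NOT_READY = -1, RNG_ERROR = -2 };

/*
 * Fill buf with len bytes from the kernel CSPRNG.
 *   wait_for_init != 0: flags = 0, so the call blocks only until the CSPRNG
 *                       has been initialized and never blocks afterwards.
 *   wait_for_init == 0: GRND_NONBLOCK, so an uninitialized CSPRNG is reported
 *                       as RNG_NOT_READY instead of blocking.
 * Neither mode hands out bytes from an uninitialized pool, and neither pulls
 * from the blocking /dev/random pool.
 */
int fill_random(void *buf, size_t len, int wait_for_init)
{
    unsigned char *p = buf;
    unsigned int flags = wait_for_init ? 0 : GRND_NONBLOCK;

    while (len > 0) {
        ssize_t n = getrandom(p, len, flags);
        if (n < 0) {
            if (errno == EINTR)
                continue;             /* interrupted by a signal: retry */
            if (errno == EAGAIN)
                return RNG_NOT_READY; /* CSPRNG not yet initialized */
            return RNG_ERROR;         /* e.g. ENOSYS on a very old kernel */
        }
        p += n;                       /* large requests may return short */
        len -= (size_t)n;
    }
    return RNG_OK;
}

int main(void)
{
    unsigned char seed[32];
    int rc = fill_random(seed, sizeof seed, 0);

    if (rc == RNG_NOT_READY)
        puts("CSPRNG not initialized yet; refusing to forward data");
    else
        printf("fill_random returned %d\n", rc);
    return rc == RNG_ERROR;
}
```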