> On 23 Jul 2025, at 19:11, Jacob Champion <jacob.champ...@enterprisedb.com> wrote:
> .. maybe the pendulum has swung far enough that we can expect any
> kernel supporting getentropy() to be able to do the job just as well
> as OpenSSL does in userspace, except also faster? I think it might be
> worth a discussion.

There have in the past been discussions (at least off-list in hallway tracks) about allowing randomness to be chosen separately from underlying factors such as OpenSSL support; at the time it didn't seem worth the trouble but that may well have changed. With OpenSSL 1.1.1 being the baseline we can also make use of the _priv_bytes functions to get increased isolation.

--
Daniel Gustafsson