About the #random thingie ... I need random data in #swad to generate unpredictable #session IDs.

I previously had an implementation trying the #Linux-originating #getrandom if available, with a fallback to a stupid internal #xorshift #PRNG, which could be disabled because it's obviously NOT cryptographically secure, and WAS disabled for the generation of session IDs.

Then I learned #arc4random is available on many systems nowadays (#FreeBSD, #NetBSD, even Linux with a recent-enough glibc), so I decided to add a compile check for it and replace the whole mess with nothing but an arc4random call IF it is available.

arc4random originates from #OpenBSD and provides the only sane way to get cryptographically secure random data. It automatically and transparently (re-)seeds from OS entropy sources, but uses an internal CSPRNG most of the time (nowadays typically #ChaCha20, so it's a misnomer, but hey ...). It never fails, it never blocks. It just works. Awesome.

I revisited that, AGAIN. Getting #random data in #poser now has yet another fallback, in case we don't have #arc4random and we also don't have #getrandom: read from /dev/random and/or /dev/urandom, "old style" 🙈. Still better to try this before resorting to a simple little #xorshift.

In the best case — arc4random found — this is still all the code of PSC_Random_bytes() 😆:

arc4random_buf(buf, count);
return count;

https://zirias.github.io/poser/api/latest/class_p_s_c___random.html

#C #coding

More #poser improvements:

* Use arc4random() if available, avoids excessive syscalls just to get high-quality random data
* Add a "resolver" to do #reverse #DNS lookups in a batch, remove the reverse lookup stuff from the connection which was often useless anyways, when a short-lived connection was deleted before resolving could finish 🙈

As a result, #swad can now reliably log requests with reverse lookups enabled 🥳

#C #coding
