Skip to content

Commit

Permalink
Second try at OsRng documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
pitdicker committed Mar 26, 2018
1 parent 70c57bf commit b8f985a
Showing 1 changed file with 11 additions and 4 deletions.
15 changes: 11 additions & 4 deletions src/os.rs
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,17 @@ use rand_core::{RngCore, Error, impls};
/// most applications. Commonly it is used to initialize a user-space RNG, which
/// can then be used with much lower overhead.
///
/// Sometimes there is the misconception that `OsRng` somehow provides 'better'
/// random numbers than some good user-space cryptographic random number
/// generator. This is not true, but `OsRng` has a role in initializing such an
/// RNG. The initial seed of randomness has to come from somewhere.
/// Generally you can say that the values generated by `OsRng` are not in some
/// way 'better' than those generated by a good user-space cryptographic random
/// number generator. It is not necessary to use `OsRng` if your only
/// requirements are 'good' random numbers.
///
/// Where `OsRng` especially has a role is in seeding user-space RNGs. The
/// initial seed of randomness has to come from somewhere. And it can also be a
/// good choice if you need a small number of secure random values. We can
/// expect the RNG of the operating system to have mitigations in place for
/// vulnerabilities such as side-channel attacks. But in general it is best rely
/// on security-oriented libraries in such cases, such as OpenSSL or Ring.
///
/// You may prefer to use [`EntropyRng`] instead of `OsRng`. Is is unlikely, but
/// not entirely theoretical, for `OsRng` to fail. In such cases `EntropyRng`
Expand Down

0 comments on commit b8f985a

Please sign in to comment.