keyfork/docs/src/dev-guide/entropy.md

# Entropy Guide

Keyfork provides a `keyfork-entropy` crate for generating entropy. The crate
exposes two functions, `ensure_safe` and `generate_entropy_of_size`. The former
function ensures the kernel is of a version with a safe CSPRNG and that no
network interfaces are listed as up, while the latter function reads `size`
bytes from `/dev/urandom` and returns it. This function is used for any crate
where (non-derived) entropy is needed.

Some crates will only accept a `rand::RngCore` type. For this, the `OsRng` RNG
must be used. It is listed as a `CryptoRng` and has been audited to confirm it
calls the `getrandom()` function in a secure manner, calling the function with
zero flags enabled (outside of validating the syscall is available).
docs: import chunk from README into usage, create entropy dev guide 2024-01-16 05:05:18 +00:00			`# Entropy Guide`

			Keyfork provides a `keyfork-entropy` crate for generating entropy. The crate
			exposes two functions, `ensure_safe` and `generate_entropy_of_size`. The former
			`function ensures the kernel is of a version with a safe CSPRNG and that no`
			network interfaces are listed as up, while the latter function reads `size`
			bytes from `/dev/urandom` and returns it. This function is used for any crate
			`where (non-derived) entropy is needed.`

			Some crates will only accept a `rand::RngCore` type. For this, the `OsRng` RNG
			must be used. It is listed as a `CryptoRng` and has been audited to confirm it
			calls the `getrandom()` function in a secure manner, calling the function with
			`zero flags enabled (outside of validating the syscall is available).`