3 comments

[ 3.1 ms ] story [ 16.0 ms ] thread
I thought it was pretty silly how he went through all this trouble to essentially do the same thing as symlinking /dev/random and /dev/urandom.
Adding /dev/urandom seems like a suboptimal solution. Crypto is hard, and very clever people get bitten by flaws in things like randomness and seeding prngs.
I think the problem they were trying to fix/remedy was that /dev/random was getting called for ALL random functions in the JVM. So every time an android app called for a random number, it would go to /dev/random.

Nobody would suggest using /dev/urandom for cryptography, but it's sufficient for a random number call, especially because /dev/random is blocking.