[axman6]

Is the portable LibreSSL library being written by the OpenBSD folks or someone maintaining a fork? My impression of their plans was that they would focus on OpenBSD first and foremost and once they were happy with it, then would be the right time to start porting it to other platforms (or any platform which provides the same guarantees as OpenBSD's API could already use it).

[cratermoon]

The OpenBSD folks are doing it, and in the comments in the source they make it clear they expect the OS to provide a secure and stable entropy source.

[akerl_]

And I expect my car to provide a reliable form of transportation, but if I turn the key in the morning and chickens fly out from under the hood, I stop what I'm doing, I don't keep driving to work.

[cratermoon]

Agreed. Maybe the default in LibreSSL should be swapped from "go ahead and use this fallback faux-entropy if we have to" to "fail if we can't get good entropy". It'd be a matter of changing and undef to a def in the code.