Jason Donenfield, also known as Jason A. Donenfeld, the creator of the VPN WireGuard, recently introduced patches that aim to improve the speed at which random numbers are generated in the Linux system. These patches focus on optimizing the Getrandom() function, which is crucial for generating random numbers for cryptographic purposes. By implementing this optimization, Donenfield hopes to address potential vulnerabilities associated with the /dev/random and /dev/urandom paths, which can be exploited to compromise cryptographic keys.
The key to this optimization lies in leveraging the Virtual Dynamic Shared Object (VDSO) mechanism. This mechanism allows the system call processing to take place in user space, eliminating the need for context switching between user space and the kernel. Specifically, in the case of the Getrandom() function, the VDSO implementation of the system call directly places the code related to random number generation into the process’s address space. As a result, the speed at which random numbers are generated can be increased by up to 15 times or more in certain scenarios.