runtime: using CryptGenRandom to generate randomness slows process startup #15589
Labels
Milestone
Comments
|
Use of RtlGenRandom sounds good to me. Please send a code review. But it won't get submitted until after go1.7 is released - the tree is frozen at this moment. Thank you. Alex |
alexbrainman
changed the title
|
CL https://golang.org/cl/22933 mentions this issue. |
|
CL https://golang.org/cl/29700 mentions this issue. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In Windows's
runtime.getRandomData(), CryptGenRandom is used to retrieve random data from the system random number generator. Using this API causes initialization of the entire Windows crypto API surface, which is expensive and probably usually otherwise unnecessary.The recommended way to fix this is to use BCryptGenRandom with a
NULLprovider andBCRYPT_USE_SYSTEM_PREFERRED_RNG. This is what .NET Core does on Windows, for example. However, this is only supported on Windows 7 and newer OSes.A slightly faster approach and one that works on XP is to use RtlGenRandom. Although this function is not well-documented, it uses the same RNG as the other functions, it has been recommended by Microsoft in a blog, and it is used in other open source projects such as Chromium and Firefox.
I have a prototype (38633e2) of that uses
RtlGenRandomthat reduces process startup time from 22ms to 20ms on my machine.If this approach seems worthwhile then I can send out a code review.
The text was updated successfully, but these errors were encountered: