What makes it so much faster? Were there a few particular big wins or is it just tons of small optimizations?
If it's faster, fully API compatible, and maintains all the same guarantees, why isn't the implementation being upstreamed to crypto/rand?
Edit: Looked at the code. It's a little read-ahead cache wrapped around crypto/rand. Good idea! I can't help but wonder if this actually does have some security implications, since rand data is going to be sitting around in process memory potentially long before it's actually requested.
When I request 1 random byte, the library fetches 512 bytes (for example) of random data from the OS, and then returns the first byte to me. When I request another 1 random byte, it just gives me the next byte that it already fetched without needing to make another syscall.
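The read-ahead pattern described in the comment above, as an added sketch (not the library's own code and not part of the original thread). `CachedReader`, its fields and `Unread` are hypothetical names. Wiping bytes once they are handed out is this example's own choice; the unread remainder still sits in process memory, which is the exposure the comment raises.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"io"
	"sync"
)

// CachedReader is a hypothetical read-ahead cache; its zero cache is empty.
type CachedReader struct {
	Src  io.Reader // entropy source, e.g. crypto/rand.Reader
	mu   sync.Mutex
	buf  [512]byte // 512 is the example fetch size from the comment above
	left int       // unread bytes, stored at buf[len(buf)-left:]
}

// Read serves p from the cache and fetches from Src only when it runs dry.
func (r *CachedReader) Read(p []byte) (n int, err error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	for n < len(p) {
		if r.left == 0 {
			if _, err = io.ReadFull(r.Src, r.buf[:]); err != nil {
				return n, err
			}
			r.left = len(r.buf)
		}
		start := len(r.buf) - r.left
		c := copy(p[n:], r.buf[start:])
		for i := start; i < start+c; i++ {
			r.buf[i] = 0 // wipe bytes that have been handed out
		}
		r.left, n = r.left-c, n+c
	}
	return n, nil
}

// Unread reports how many not-yet-requested random bytes sit in memory.
func (r *CachedReader) Unread() int {
	r.mu.Lock()
	defer r.mu.Unlock()
	return r.left
}

func main() {
	r := &CachedReader{Src: rand.Reader}
	n, err := r.Read(make([]byte, 1)) // fetches 512 bytes, returns 1
	fmt.Println(n, err, r.Unread())
}
```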