getrandom
A small cross-platform library for retrieving random data from system source
This package has a good security score with no known vulnerabilities.
Community Reviews
Rock-solid foundation for cryptographic randomness with minimal footprint
From a security perspective, this is as close to perfect as it gets. Error handling is explicit with a custom Error type that doesn't leak sensitive information. The crate has zero dependencies by default and compiles to tiny binaries. The maintainers respond quickly to platform-specific issues and CVEs. The code is audited and foundational to the Rust crypto ecosystem—rand depends on it, which means most crypto libraries transitively rely on getrandom.
The no_std support with custom RNG hooks is well-designed for embedded contexts. Documentation clearly explains error cases (no entropy available) and the library fails safely rather than falling back to weak sources. For security-critical code, this design philosophy is exactly what you want.
Best for: Any project requiring cryptographically secure random numbers, especially security-sensitive applications needing minimal dependencies.
Avoid if: You need application-level randomness utilities like shuffling or sampling (use the rand crate instead, which builds on getrandom).
Rock-solid foundation for cryptographic randomness with minimal attack surface
Error handling is exemplary from a security perspective. It explicitly surfaces entropy exhaustion and blocking scenarios rather than silently falling back to weaker sources. The Error type distinguishes between ENOSYS (no syscall available), EAGAIN (temporary unavailability), and other conditions, letting you make informed decisions. Custom error handling lets you decide whether to block, retry, or fail-fast based on your threat model.
The compile-time feature flags (rdrand, js) are well-documented with clear security implications. The library follows secure-by-default principles: it won't compile on unsupported platforms rather than degrading silently. This is exactly what you want for security-critical code where a weak RNG would be catastrophic.
Best for: Foundational cryptographic operations, key generation, nonce creation, or any security-critical application requiring OS-level entropy with minimal dependencies.
Avoid if: You need higher-level abstractions like filling typed arrays or generating random numbers in ranges—use the rand crate, built on top of this, instead.
Dead simple API with excellent cross-platform reliability
Error handling is straightforward with clear Result types, though in practice errors are rare unless you're in exotic environments. The documentation is concise but complete, with just enough detail about platform-specific behavior (like getrandom vs /dev/urandom on Linux) without overwhelming you. When things do go wrong, error messages point you directly to the issue—I once hit a WASM configuration problem and the compile error told me exactly which feature flag to enable.
This is a foundational crate that other libraries build on (like `rand`), but it's also perfectly fine to use directly when you just need raw random bytes. No boilerplate, no complex builders, no surprises. It's the kind of library that makes Rust feel productive.
Best for: Projects needing raw cryptographically-secure random bytes with zero overhead and maximum portability.
Avoid if: You need higher-level randomness features like random number generation, shuffling, or distributions—use the `rand` crate, which builds on this.