I’ve read that reading from /dev/random can block if there isn’t sufficient entropy.
I take it to be that /dev/random/ uses activity within the OS to generate cryptographically secure randomness so if activity on the OS falls to the point where it can’t meet the demand for bytes it will block (i.e. stall). Is this right?
Does openssl_random_pseudo_bytes use /dev/random? If so, would it ever block when running on your average Linux server? On a shared server, for example, you may have hundreds or thousands of sites running. Does the server basically just need to be active to prevent blocking?