I have written an application which generates an ECDSA public/private keypair via OpenSSL 1.0.1c. From what I understand, OpenSSL uses /dev/random on Linux, but Android does not have /dev/random, which means I could potentially be serving cryptographically weak keypairs.
I read both this
https://security.stackexchange.com/questions/2152/do-mobile-oss-provide-crypto-quality-randomness
and this question
https://security.stackexchange.com/questions/14669/how-to-select-dev-random-or-dev-urandom-in-the-code-in-android
and both do give adequate suggestions for using java.security.SecureRandom, however I generate these keypairs on the native side, so something native is welcome. I can pass arguments from Java to my native code, so it's easy to pass in the random bytes, however if there is at all a way to do it entirely on the native side, I choose that.
So, is there a replacement for /dev/random on Android?
Android provides both /dev/random and /dev/urandom to native code. Both are world-readable. You should use /dev/urandom because Android already makes sure the PRNG is seeded.
The only advantage of /dev/random over /dev/urandom is that /dev/random is safe even if the PRNG isn't seeded. But Android always seeds the PRNG. So there's no advantage. And /dev/random has huge disadvantages -- it depletes the system entropy pool.