From c18b7d2dcc9d3e6010c94bcaaf874ff55703e567 Mon Sep 17 00:00:00 2001
From: Kazu Yamamoto
Date: Fri, 10 Nov 2023 09:25:22 +0900
Subject: [PATCH] adding comment
---
 Crypto/Random.hs | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Crypto/Random.hs b/Crypto/Random.hs
index 5b45647..816a7be 100644
--- a/Crypto/Random.hs
+++ b/Crypto/Random.hs
@@ -50,6 +50,12 @@ seedLength = 40
 -- | Create a new Seed from system entropy
 seedNew :: MonadRandom randomly => randomly Seed
+-- The degree of its randomness depends on the source, e.g. for iOS we
+-- have to compile with DoNotUseEntropy flag, as iOS doesn't allow
+-- using getentropy, and on some other systems it can be also
+-- potentially comprisable sources. Hashing of entropy before using
+-- it as a seed is a common mitigation for attacks via RNG/entropy
+-- source.
 seedNew = (Seed . B.take seedLength . B.convert . (hash :: ScrubbedBytes -> Digest SHA512)) `fmap` getRandomBytes 64
 -- | Convert a Seed to an integer