Generating nonces is a very typical need. This is rather inconvenient with the currently existing exports. The issue came up when looking for a fix for GenieFramework/Genie.jl#162 . Tangentially related JuliaLang/julia#27614
What I'd like to see:
Document-by-example proper safe usage, especially with respect to initialization and seeding.
Use entropy as a default argument: CSPRNG = MbedTLS.CtrDrbg() does not give us a usable state. I am happy to report that direct calls to rand(CSPRNG, n) segfault instead of returning bad random. This is laudable: bad random is almost the worst possible behavior; a clean panic, or even a segfault is a much safer outcome. Exploitable memory corruption is the only worse thing one could possibly do.
Either implement the Random interface correctly, or do not declare as a subtype of AbstractRNG. For comparison:
julia> rng1 = Random.RandomDevice(); rng2 = MbedTLS.CtrDrbg(); MbedTLS.seed!(rng2, MbedTLS.Entropy());
julia> rand(rng1, Float32)
0.5747224f0
julia> rand(rng2, Float32)
ERROR: ArgumentError: Sampler for this object is not defined
julia> rand(rng1, 2)
2-element Array{Float64,1}:
0.32157480543452466
0.032868961307404465
julia> rand(rng2, 2)
2-element Array{UInt8,1}:
0xc6
0x2f
Alternatively, don't export at all. People can look for other ways of generating secure random; better send them off than provide an option that is not misuse resistant.
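As an added example (not code from the issue or from MbedTLS.jl), this is the seeded usage the report asks to have documented: construct the generator, seed it from MbedTLS.Entropy before any draw, and pull nonce bytes from it. It uses only the calls shown in the REPL session above (MbedTLS.CtrDrbg(), MbedTLS.seed!(rng, MbedTLS.Entropy()), rand(rng, n) returning Vector{UInt8}) plus Base's bytes2hex and Random.RandomDevice; the function names are this example's own.

```julia
# Added example, not from the issue or from MbedTLS.jl: nonce generation from a
# properly seeded MbedTLS.CtrDrbg, using only the calls shown in the issue.
using MbedTLS
using Random

# Seed once, at construction. An unseeded CtrDrbg is not a usable state; the
# issue reports that rand() on one segfaults rather than returning bytes.
function seeded_ctr_drbg()
    rng = MbedTLS.CtrDrbg()
    MbedTLS.seed!(rng, MbedTLS.Entropy())
    return rng
end

# Draw n random bytes for use as a nonce. rand(rng, n) on a CtrDrbg returns a
# Vector{UInt8}, which is what a nonce or IV consumer usually wants.
function nonce(rng::MbedTLS.CtrDrbg, n::Integer)
    n > 0 || throw(ArgumentError("nonce length must be positive"))
    return rand(rng, n)
end

# Hex-encode for logging or embedding in a header; bytes2hex is from Base.
nonce_hex(rng::MbedTLS.CtrDrbg, n::Integer) = bytes2hex(nonce(rng, n))

# Reference comparison: Random.RandomDevice reads the OS CSPRNG and implements
# the Random interface, so rand(rng, UInt8, n) works on it as the issue shows.
os_nonce(n::Integer) = rand(Random.RandomDevice(), UInt8, n)

# Sanity check: a batch of nonces from one seeded generator must be distinct.
# This catches a non-advancing or unseeded state; it says nothing about the
# quality of the randomness beyond that.
function distinct_nonces(rng::MbedTLS.CtrDrbg, count::Integer, n::Integer)
    seen = Set{Vector{UInt8}}()
    for _ in 1:count
        push!(seen, nonce(rng, n))
    end
    return length(seen) == count
end

rng = seeded_ctr_drbg()
println("mbedtls nonce: ", nonce_hex(rng, 16))
println("os nonce:      ", bytes2hex(os_nonce(16)))
println("distinct:      ", distinct_nonces(rng, 1000, 16))
```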