Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose Both /dev/random & /dev/urandom #33

Closed
nixpulvis opened this issue Nov 5, 2017 · 7 comments
Closed

Expose Both /dev/random & /dev/urandom #33

nixpulvis opened this issue Nov 5, 2017 · 7 comments

Comments

@nixpulvis
Copy link

I think it would be ideal to support a blocking and non-blocking interface, and allow users to make use of /dev/random as well. I’m not by any means an expert, but common sense tells me that /dev/random should be strictly better than /dev/urandom in the general case.
@nixpulvis
Copy link
Author

Just found ReadRng, so this is obviouly possible, maybe im just wanting a closer mapping to the Linux API, which may be the wrong idea. Sorry if this feels like bikeshedding now.

@nixpulvis
Copy link
Author

Maybe the best way to read this is within the context of OsRng.

@nixpulvis
Copy link
Author

I’ll be honest, the discussion on https://www.python.org/dev/peps/pep-0524/ didn’t seem very safisfying.

@dhardy
Copy link
Owner

dhardy commented Nov 6, 2017
edited
Loading

Common sense doesn't get you very far in cryptography (without a lot of questioning). Certainly /dev/random should not be worse than /dev/urandom, but it only has better security if an attacker somehow compromises the kernel entropy (but then you shouldn't trust /dev/random either) or if someone discovers a serious weakness in the CSPRNG algorithm (but then a lot of crypto could would be vulnerable — ChaCha20 is widely used). The general advise is just to use /dev/urandom. To quote the man page:

If you are unsure about whether you should use /dev/random or /dev/urandom, then probably you want to use the latter. As a general rule, /dev/urandom should be used for every‐thing except long-lived GPG/SSL/SSH keys.

That said, /dev/random is still available for use. OsRng is designed for general-purpose cross-platform usage however. I doubt many users really need /dev/random so I'd suggest just using ReadRng::new(File::open("/dev/random")).

@nixpulvis
Copy link
Author

nixpulvis commented Nov 6, 2017
edited
Loading

Fair enough. Though a question still remains if it makes sense to support both a synchronous and async interface. Right?

@dhardy
Copy link
Owner

dhardy commented Nov 6, 2017

There was some discussion of this in error kinds: hence ErrorKind::NotReady (see #9). But this interface only works with a function returning errors like try_fill.

@dhardy
Copy link
Owner

dhardy commented Nov 8, 2017

Without any listed rationale / use-case, and since the current design partly covers the requirements here, I'm going to close this. If you still want extra functionality you're going to have to be more specific, and provide good motivation (because the API is already much more complex than I'd like).

@dhardy dhardy closed this as completed Nov 8, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dhardy @nixpulvis