-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Not a crypto library" warning is confusing #57
Comments
Cross-posting to the main repo. This post can stay open: the book probably needs updating eventually. |
I think this is accurate, but we cannot guarantee that our implementations are cryptographically secure. It's more of a best-effort thing, we don't spend the resources in verifying our implementations that a crypto library might. If you look at crypto libraries, they use |
Was reading the book as I need a secure RNG and this statement confused me. Also the links suggest that the other projects provide a secure RNG. But RustCrypto has no RNG, and Ring only provides an abstraction over the OS RNG. |
This is AFAIK best practice for cryptographic use cases: Don't use a user-space CSPRNG, use the OS directly (i.e. getrandom). |
This section of the book was updated (#61) to clarify what the the crate does and doesn't attempt to provide. Nothing fundamental changes. Any comments? Note that the book is for documentation; for changes to |
I've seen a few projects use rand in security sensitive code.
A reviewer may eventually point them to this warning in the book:
https://github.com/rust-random/book/blame/master/src/guide-rngs.md#L263-L271
Inferring that rand does not provide cryptographically secure prngs and they should use a different random library.
That warning was added ~5 years ago.
However in what looks like the same commit there's a section on Cryptographically secure pseudo-random number generators (CSPRNGs).
https://github.com/rust-random/book/blame/master/src/guide-rngs.md#L62
Is this warning out of date?
If it is not out of date, should it be interpreted to mean:
While this library has CSPRNGs that are in fact cryptographically secure, this is not a general purpose cryptographic library providing other algorithms like encryption and authentication? (And if you want encryption and authentication you should go to the referenced libraries instead of building your own using rand.)
If it is neither out of date nor a warning against rolling your own crypto, then it seems like the rand library documentation should be updated to remove CSPRNG references. https://docs.rs/rand/0.8.5/src/rand/rngs/mod.rs.html#53-62
Example issue:
confidential-containers/confidential-containers#44 (comment)
The text was updated successfully, but these errors were encountered: