[Python-ideas] Should our default random number generator be secure?

Guido van Rossum guido at python.org
Wed Sep 9 19:41:59 CEST 2015


---------- Forwarded message ----------
From: Theo de Raadt
Date: Wed, Sep 9, 2015 at 10:36 AM
Subject: Re: getentropy, getrandom, arc4random()
To: guido at python.org


> Yet another thing. Where do you see that Go and Swift have secure random as
> a keyword? Searching for "golang random" gives the math/rand package as the
> first hit, which has a note reminding the reader to use crypto/rand for
> security work.

yes, well, look at the other phrase it uses...

    that produces a deterministic sequence of values each time a program is run

it documents itself as being decidedly non-random.  that documentation
change happened soon after this event:

    https://lwn.net/Articles/625506/

these days, the one people are using is found using "go secure random"

    https://golang.org/pkg/crypto/rand/

that opens /dev/urandom or uses the getrandom system call depending on
system.  it also has support for the windows entropy API.  it pulls
data into a large buffer, a cache.  then each subsequent call, it
consumes some, until it runs out, and has to do a fresh read.  it
appears to not clean the buffer behind itself, probably for
performance reasons, so the memory is left active.  (forward secrecy
violated)

i don't think they are doing the best they can...  i think they should
get forward secrecy and higher performance by having an in-process
chacha.  but you can sense the trend.

here's an example of the fallout..

https://github.com/golang/go/issues/9205

> For Swift it's much the same -- there's an arc4random() in
> the Darwin package but nothing in the core language.

that is what people are led to use.



-- 
--Guido van Rossum (python.org/~guido)
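To illustrate the forward-secrecy point Theo raises above (already-consumed random bytes lingering in a read-ahead buffer), here is an added Go example; it is not code from Go's crypto/rand or from anyone in this thread. It wraps any entropy source in a buffer that zeroes each byte the moment it is handed to the caller; the WipingReader type and its method names are chosen for this example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"io"
)

// WipingReader buffers reads from an entropy source the way a bufio.Reader
// would, but zeroes each byte as soon as it has been handed to the caller,
// so a later memory disclosure cannot recover values that were already used.
type WipingReader struct {
	src  io.Reader
	buf  []byte
	r, w int // unread bytes live in buf[r:w]
}

// NewWipingReader wraps src with a buffer of the given size (example API).
func NewWipingReader(src io.Reader, size int) *WipingReader {
	return &WipingReader{src: src, buf: make([]byte, size)}
}

// Read implements io.Reader: refill when empty, hand out bytes, then wipe them.
func (wr *WipingReader) Read(p []byte) (int, error) {
	if wr.r == wr.w {
		n, err := io.ReadFull(wr.src, wr.buf) // a partial fill is still usable
		if n == 0 {
			if err == nil {
				err = io.ErrUnexpectedEOF
			}
			return 0, err
		}
		wr.r, wr.w = 0, n
	}
	n := copy(p, wr.buf[wr.r:wr.w])
	for i := wr.r; i < wr.r+n; i++ {
		wr.buf[i] = 0 // overwrite consumed output; the unread tail stays fresh
	}
	wr.r += n
	return n, nil
}

// Pending returns how many fresh, not yet handed-out bytes remain buffered.
func (wr *WipingReader) Pending() int { return wr.w - wr.r }

// Snapshot copies the internal buffer so its contents can be inspected.
func (wr *WipingReader) Snapshot() []byte { return append([]byte(nil), wr.buf...) }

func main() {
	wr := NewWipingReader(rand.Reader, 4096) // real use: wrap the OS source
	key := make([]byte, 32)
	if _, err := io.ReadFull(wr, key); err != nil {
		panic(err)
	}
	fmt.Printf("key %x, buffered bytes still fresh: %d\n", key, wr.Pending())
}
```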