March 08, 2017
On Tuesday, 7 March 2017 at 20:15:56 UTC, Nick Sabalausky (Abscissa) wrote:
> On 03/07/2017 05:18 AM, Seb wrote:
>>[...]
>
> Ooh, that's great to know! (Kinda sad that it seems necessary, given the "unix filesystem and unix design" ideals, but oh well, realities are realities.)
>
> Is there a "proper" way to check for this function's existence on a local machine, other than test-compiling, or is parsing 'uname -a' as "right way" as it gets?
>
> And anyone know about OSX? Would OSX use the getentropy the article you linked to mentions for OpenBSD? Or something else? Or just fallback to /dev/(u)random?
>
> This really deserves a Phobos PR, IMO, FWIW.

https://github.com/dlang/phobos/pull/5230
March 21, 2017
On 3/8/17 11:24 PM, Yuxuan Shui wrote:
> On Tuesday, 7 March 2017 at 20:15:56 UTC, Nick Sabalausky (Abscissa) wrote:
>> On 03/07/2017 05:18 AM, Seb wrote:
>>> [...]
>>
>> Ooh, that's great to know! (Kinda sad that it seems necessary, given
>> the "unix filesystem and unix design" ideals, but oh well, realities
>> are realities.)
>>
>> Is there a "proper" way to check for this function's existence on a
>> local machine, other than test-compiling, or is parsing 'uname -a' as
>> "right way" as it gets?
>>
>> And anyone know about OSX? Would OSX use the getentropy the article
>> you linked to mentions for OpenBSD? Or something else? Or just
>> fallback to /dev/(u)random?
>>
>> This really deserves a Phobos PR, IMO, FWIW.
>
> https://github.com/dlang/phobos/pull/5230

Thanks Yuxuan, sorry for missing this. Can we have this peer reviewed by 1-2 crypto experts? Thanks! -- Andrei
March 21, 2017
On Tuesday, 21 March 2017 at 10:27:27 UTC, Andrei Alexandrescu wrote:
> Thanks Yuxuan, sorry for missing this. Can we have this peer reviewed by 1-2 crypto experts? Thanks! -- Andrei

By API, unpredictableSeed() only returns a 32b uint and will never meet crypto standards.  Beware of anyone who offers to review it based on their "crypto expertise".

unpredictableSeed() is just for things like making single-player games more interesting.  It simply isn't for security, and that's pretty much what cym13's post was about.
March 22, 2017
On Tuesday, 21 March 2017 at 10:27:27 UTC, Andrei Alexandrescu wrote:
> Thanks Yuxuan, sorry for missing this. Can we have this peer reviewed by 1-2 crypto experts? Thanks! -- Andrei

It's not recommended to use a system CSPRNG for non-cryptographic purposes: https://forum.dlang.org/post/xwlzzeyvatwsohqcynka@forum.dlang.org
March 22, 2017
On 22/03/17 11:08, Kagamin wrote:
> On Tuesday, 21 March 2017 at 10:27:27 UTC, Andrei Alexandrescu wrote:
>> Thanks Yuxuan, sorry for missing this. Can we have this peer reviewed
>> by 1-2 crypto experts? Thanks! -- Andrei
>
> It's not recommended to use system CSPRNG for non-cryptographic
> purposes: https://forum.dlang.org/post/xwlzzeyvatwsohqcynka@forum.dlang.org

That does not apply here. We're not talking about using the random pool for generating random numbers. Only for generating the random algorithm's seed.

Shachar
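To make Shachar's point concrete, here is an added example (not Phobos code and not from any poster) that seeds std.random's Mt19937 from the system entropy pool rather than from the clock; it assumes a POSIX system with /dev/urandom and a constructed helper name, seedFromSystemEntropy:

```d
// Added example, not code from the thread or from Phobos: seed a std.random
// generator from the OS entropy pool instead of MonoTime/process ids.
import std.random : Mt19937, uniform;
import std.stdio : File, writeln;

/// Read one 32-bit seed from the OS CSPRNG (/dev/urandom is assumed here;
/// a getrandom()/getentropy() wrapper is preferable where the platform has one).
uint seedFromSystemEntropy()
{
    uint[1] buf;
    auto f = File("/dev/urandom", "rb");
    // rawRead returns the slice actually filled; treat a short read as an error
    // rather than silently seeding from partially zeroed bytes.
    auto got = f.rawRead(buf[]);
    if (got.length != buf.length)
        throw new Exception("short read from /dev/urandom");
    return buf[0];
}

void main()
{
    // Mt19937 takes a 32-bit seed, so there are at most 2^32 distinct output
    // streams no matter how good the seed source is. The entropy pool is used
    // only for the seed; the generator's own output remains a non-cryptographic
    // PRNG suitable for games and Monte Carlo work, never for keys or tokens.
    auto rng = Mt19937(seedFromSystemEntropy());
    writeln(uniform(0, 100, rng));
}
```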
March 22, 2017
On Wednesday, 22 March 2017 at 09:12:14 UTC, Shachar Shemesh wrote:
> That does not apply here. We're not talking about using the random pool for generating random numbers. Only for generating the random algorithm's seed.

See OP:
On Sunday, 26 February 2017 at 18:23:27 UTC, cym13 wrote:
> Some even go as far as reseeding at each call to try making it more secure.

Also MonoTime resets on every reboot.
March 24, 2017
On Tue, Mar 21, 2017 at 10:11:44PM +0000, sarn via Digitalmars-d wrote:
> On Tuesday, 21 March 2017 at 10:27:27 UTC, Andrei Alexandrescu wrote:
> > Thanks Yuxuan, sorry for missing this. Can we have this peer reviewed by 1-2 crypto experts? Thanks! -- Andrei
> 
> By API, unpredictableSeed() only returns a 32b uint and will never meet crypto standards.  Beware of anyone who offers to review it based on their "crypto expertise".
> 
> unpredictableSeed() is just for things like making single-player games more interesting.  It simply isn't for security, and that's pretty much what cym13's post was about.

Yeah, why is it that people still keep thinking unpredictableSeed(), or indeed, the whole of the current std.random, is useful for *anything* related to crypto??

If you want to do crypto, you should be using a crypto library that is *designed* to be cryptographically secure and *verified* by cryptanalysts to be secure.  std.random is a far cry from that, and crypto isn't even its charter anyway.

What std.random is useful for is to make games more interesting, or for certain kinds of Monte Carlo simulations. (Note that some Monte Carlo simulations may be sensitive to hidden patterns in std.random PRNGs, so you should choose your PRNG carefully, and/or take the simulation results with a grain of salt.) Or for things like probabilistic algorithms (e.g., probabilistic approximate solution finders for NP-complete problems and the like).

Using it for anything crypto- or security-related is just begging to be hacked, esp. in this day and age.


T

-- 
Why waste time learning, when ignorance is instantaneous? -- Hobbes, from Calvin & Hobbes
March 26, 2017
On 03/24/2017 02:56 PM, H. S. Teoh via Digitalmars-d wrote:
>
> Yeah, why is it that people still keep thinking unpredictableSeed(), or
> indeed, the whole of the current std.random, is useful for *anything*
> related to crypto??
>

Seems there are two issues there:

1. The name "unpredictableSeed" is highly misleading, if not outright false.

2. Maybe the std.random docs need to be more clear, right up top, that it's not for anything security-related.


March 26, 2017
On Sunday, 26 March 2017 at 17:55:20 UTC, Nick Sabalausky (Abscissa) wrote:
>
> 2. Maybe the std.random docs need to be more clear, right up top, that it's not for anything security-related.

Agreed. Like what Python did here: https://docs.python.org/3/library/random.html


March 26, 2017
On Sun, Mar 26, 2017 at 11:46:44PM +0000, Yuxuan Shui via Digitalmars-d wrote:
> On Sunday, 26 March 2017 at 17:55:20 UTC, Nick Sabalausky (Abscissa) wrote:
> > 
> > 2. Maybe the std.random docs need to be more clear, right up top, that it's not for anything security-related.
> 
> Agreed. Like what Python did here: https://docs.python.org/3/library/random.html

https://github.com/dlang/phobos/pull/5306


T

-- 
I see that you JS got Bach.