Stream: wg-secure-code

Topic: random


Alex Gaynor (Jan 15 2019 at 00:22, on Zulip):

Hmm: https://bugs.chromium.org/p/chromium/issues/detail?id=921795 I don't really agree, but it's more evidence of the value of having the straightforward OS CSPRNG in std

Zach Reizner (Jan 15 2019 at 00:25, on Zulip):

It's my intern's starting project. Be nice :)

Taylor Cramer (Jan 15 2019 at 00:28, on Zulip):

@Zach Reizner FYI rand is part of the official rust-lang org

Taylor Cramer (Jan 15 2019 at 00:28, on Zulip):

and is maintained by a lot of the same people who maintain the stdlib

Zach Reizner (Jan 15 2019 at 00:28, on Zulip):

Although, perhaps an insightful discussion could be had on that bug. FWIW, I had a similar change for the byteorder crate that we decided not to merge because @David Tolnay convinced me that that crate was under good stewardship. He conspicuously did not say the same about rand.

Alex Gaynor (Jan 15 2019 at 00:28, on Zulip):

I have some complaints about rand (mostly that it's too complex, and has too much when all I want is a wrapper around the 17 kernel CSPRNG APIs). But I'm not concerned about the malware perspective.

Tony Arcieri (Jan 15 2019 at 08:17, on Zulip):

rand itself is a kitchen sink of 90s crypto and non-cryptographic RNGs

Tony Arcieri (Jan 15 2019 at 08:17, on Zulip):

crypto projects should use rand_os

Tony Arcieri (Jan 15 2019 at 08:18, on Zulip):

(which I still can't help but pronounce "randos")

Tony Arcieri (Jan 15 2019 at 08:18, on Zulip):

I'd be a big fan of a getrandom()-like API in std though

Tony Arcieri (Jan 15 2019 at 08:18, on Zulip):

especially if it were backed by a lang item

Gerardo Di Giacomo (Jan 15 2019 at 21:05, on Zulip):

is rand_os OsRng?

Gerardo Di Giacomo (Jan 15 2019 at 21:18, on Zulip):

as in rand::os::OsRng

Alex Gaynor (Jan 15 2019 at 21:57, on Zulip):

rand_os is the crate where rand::os::OsRng is actually implemented

Last update: Nov 11 2019 at 22:45UTC