Improve documentation for Random::Secure
#8484
Conversation
Adds documentation based on @ysbaddaden's comment in crystal-lang#6340 (comment)
src/random/secure.cr
Outdated
| # For generating *high quality* random numbers, a pseudorandom number generator | ||
| # (PRNG) such as `Random::PCG32` should be used instead, or preferably one with | ||
| # more state (e.g. `xoshiro256**`). These number generators are much faster | ||
| # than `Random::Secure`. |
There was a problem hiding this comment.
This must be nuanced: using a non cryptography quality PRNG and exposing the numbers can lead to reversing the seed of the RNG, leading an attacker to know the following generated numbers in advance. There are scenarios where this can be acceptable (e.g. generating an UUID for database IDs) and scenarios where this can be exploited (e.g. online game).
src/random/secure.cr
Outdated
| @@ -17,15 +19,19 @@ require "crystal/system/random" | |||
| # For generating *high quality* random numbers, a pseudorandom number generator | |||
| # (PRNG) such as `Random::PCG32` should be used instead, or preferably one with | |||
| # more state (e.g. `xoshiro256**`). These number generators are much faster | |||
| # than `Random::Secure`. | |||
| # than `Random::Secure` and suitable for many use cases with lower | |||
There was a problem hiding this comment.
without instead of lower.
For a slightly lower security (because of user-space instead of kernel), an user-space CSPRNG such as ISAAC or ChaCha20 can be used.
Yes, RNG and security is complex and full of devils in tiny details. I barely grasp them 😭
There was a problem hiding this comment.
I wish someone with good knowledge of RNG and such details would write such documentation.
|
I thought about this for the past few days, and I vote to close. Nobody here has enough knowledge on cryptography or generating random numbers in general to be capable to say which [CS]PRNG should be used. Expect maybe @oprypin or @konovod? Certainly not me. Selecting a [CS]PRNG is very complex and depends on lots of deciding factors:
It's also impossbile to find third-party peer reviews of popular PRNG. For example PCG and XoShiRo are only criticised by their respective authors, then Daniel Lemire ran a few tests, and that's about it 😭 |
|
Or we should just say:
|
|
Now that one I definitely disagree with. That's definitely not the common advice. And relying on commonness is the only thing we can do, I'm afraid. |
|
Aparte (unrelated to The default PRNG used to be Mersenne Twister which is neither good, fast, or memory efficient. PCG32 was a good all rounder to replace it. The generic rand() doesn't need to be secure or to return 64-bit numbers —we only need an i32 to shuffle an array for example. We settled on PCG32 that was better than XorShift (that fails some BigCrush tests), and had an overall better performance on different targets (with and without We didn't evaluate Java's Splittable Random at the time (then made available in crystal-random) or the SplitMix64 variant (pending PR). We didn't evaluate XoShiRo (or XoRoShiRo). I'm not sure they were released at the time (or very recently). If |
src/random/secure.cr
Outdated
| # on Windows [`RtlGenRandom`](https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom), | ||
| # and falls back to reading from `/dev/urandom` on UNIX systems. | ||
| # | ||
| # For generating *high quality* random numbers, a pseudorandom number generator |
There was a problem hiding this comment.
I'd rather remove this whole paragraph. "high quality" is pretty confusing and undefined.
|
Closing. I said 💩. Always ask and listen to security people, not me! |
|
This whole pull request does not have to be closed, only the security advice removed. |
Adds documentation based on @ysbaddaden's comment in #6340 (comment)