add system random to stdlib: std/sysrand #16459
Conversation
There was a problem hiding this comment.
LGTM; @Araq how about we merge this now, and we can do followup PR's to fix the remaining bugs; since it's a new module it's fine IMO to do this so we can make faster progress (maybe with a note: experimental module, unstable API)
We cannot merge something with potential security issues/bugs like this, especially when it should cryptographically secure. Let's fix the bugs instead of rushing. |
What I'm arguing for here is to allow iterating in a more effective way on new modules (or even new APIs in existing modules), including this one. This could be as simple as: # in std/sysrand.nim
when not defined(nimExperimentalSysrand): static: doAssert "experimental module, unstable API"
# rest of code ...so that:
Unlike the proposal discussed in nim-lang/RFCs#310, there'd be no need for This is essentially a lightweight form of |
There was a problem hiding this comment.
Beautiful, a perfect example of something that should be in the stdlib.
I'm mostly writing this because I feel like I very often reject PRs for new modules to the stdlib, it's nice to accept a case that I think does deserve to be in the stdlib :)
The API is also solid and docs look good. Implementation we can always easily improve as long as API doesn't need to change so IMO we can merge this now tbh.
Yes, we can. We just need to make it clear that the module is new, all this needs is a warning in the docs, something like:
In fact, we should keep this warning until a reputable company does audit it and then link to the audit in the docs. |
timotheecour
changed the title
indeed. This is exactly what timotheecour#575 is about: avoiding analysis paralysis where a PR slowly collects bitrot over time, and needs constant rebasing. More eyes = more bugfixes.
it can't hurt but I'm not sure if it buys you much in practice beyond a marketing argument; this module depends on some parts of stdlib (system.nim) and compiler for correctness; that one-time audit wouldn't cover those, and even if it did it wouldn't guard against regressions. |
|
This is completely broken on NetBSD at the moment (and likely Dragonfly, though I haven’t tested there yet). Note that there are a few existing Nimble packages that aim to achieve the same thing, like:
I would almost always base this kind of code on the fantastic libsodium, who’s approach can be found here: https://github.com/jedisct1/libsodium/blob/master/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c I’m very happy to see this module get added to the stdlib though :) |
|
@euantorano PR welcome; also regarding running netbsd in CI for netbsd, see also this comment #16459 (comment) which has some potential solutions |
I have some nightly tests running here already: http://jenkins.euantorano.co.uk/job/Nim/124/console - it just runs on a schedule rather than on every PR/commit which is good enough for now until we get some of the failures fixed. Yep, looks like it. It was broken when I commented, likely due to the nature of it running nightly. |
timotheecour
added
the
TODO: followup needed
Cryptographically secure pseudorandom number generator
https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator
Many popular and mature programming languages put
system randomon their standard libraryPython
https://www.python.org/dev/peps/pep-0506
https://www.python.org/dev/peps/pep-0524
https://docs.python.org/3/library/os.html#os.urandom
https://docs.python.org/3/library/secrets.html
Rust
https://github.com/rust-lang/rust/blob/master/library/std/src/sys/unix/rand.rs
Go
https://golang.org/pkg/crypto/rand
https://sourcegraph.com/github.com/golang/go/-/blob/src/internal/syscall/unix/getrandom_linux.go
JS(WebAPI)
https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues
Nodejs
https://nodejs.org/api/crypto.html#crypto_crypto_randomfillsync_buffer_offset_size
Crystal
https://github.com/crystal-lang/crystal/blob/master/src/random/secure.cr
Zig
https://github.com/ziglang/zig/blob/master/lib/std/crypto/tlcsprng.zig
Java/Scala/Kotlin
https://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html
C#
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rngcryptoserviceprovider?view=net-5.0
PHP 7
random_bytes — Generates cryptographically secure pseudo-random bytes
https://www.php.net/manual/en/function.random-bytes.php
Ruby
https://ruby-doc.org/stdlib-2.5.1/libdoc/securerandom/rdoc/SecureRandom.html
Dart
https://api.dart.dev/stable/2.10.5/dart-math/Random/Random.secure.html
Erlang
https://erlang.org/doc/man/crypto.html#strong_rand_bytes-1
libsodium
https://github.com/jedisct1/libsodium/blob/master/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
blog:
https://paragonie.com/blog/2016/05/how-generate-secure-random-numbers-in-various-programming-languages
implementation:
future work
oidscan also benefits from this PR(use a secure seed).If stdlib can accept
UUID, the module will benefit from this PR too.It can also be used to generate salts, keys or initialization vectors.