Is ThreadRng cryptographically secure enough? #508

Closed
ColdIce1605 opened this issue Feb 22, 2021 · 1 comment
Comments

@ColdIce1605

rust-random/rand#463

I think this issue solves that `// TODO` in src/server/mod.rs

@iceiix
Owner

iceiix commented Mar 4, 2021

Referring to https://github.com/iceiix/stevenarella/blob/master/src/server/mod.rs#L200-L201

        let mut shared = [0; 16];
        // TODO: is this cryptographically secure enough?
        rand::thread_rng().fill(&mut shared);

from the rand issue:

And an important note on security: we should aim to provide a secure source of random data, but ultimately it is up to users to decide how much they trust our implementation and what their risks are. thread_rng does not have the simplest code to review and is currently young and subject to further change. Also we may or may not implement forward secrecy (backtracking resistance), and for ultimate security solutions using no local state may be preferred.

which is closed, so I think the answer to the comment is "yes" - I should remove the comment

@iceiix iceiix closed this as completed in d7b7216 Mar 4, 2021
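The rand note quoted above says that "using no local state may be preferred" for the most demanding cases. As an added example (not stevenarella's code and not part of this thread), the snippet below fills the same 16-byte shared secret straight from the operating system's CSPRNG instead of from the thread-local `ThreadRng`. It assumes a Unix host with `/dev/urandom`, which is the source rand's `OsRng` wraps on those platforms; with the rand crate available, the equivalent one-liner is `rand::rngs::OsRng.fill_bytes(&mut shared)`.

```rust
use std::fs::File;
use std::io::{self, Read};

/// Fill a 16-byte shared secret directly from the OS CSPRNG.
/// Assumption: Unix host where /dev/urandom is the kernel CSPRNG interface
/// (the same source rand's OsRng uses there). No userspace RNG state is kept,
/// so there is nothing to leak or roll back between calls.
pub fn fill_shared_secret_from_os(shared: &mut [u8; 16]) -> io::Result<()> {
    let mut urandom = File::open("/dev/urandom")?;
    // read_exact fails instead of silently returning a short read, so a
    // partially filled secret can never be mistaken for a good one.
    urandom.read_exact(shared)?;
    Ok(())
}

/// Cheap sanity check that the fill step actually ran: an all-zero 16-byte
/// secret is astronomically unlikely from a working CSPRNG and almost always
/// means the buffer was used before it was filled.
pub fn looks_filled(shared: &[u8; 16]) -> bool {
    shared.iter().any(|&b| b != 0)
}

fn main() -> io::Result<()> {
    let mut shared = [0u8; 16];
    fill_shared_secret_from_os(&mut shared)?;
    assert!(looks_filled(&shared));
    println!("shared secret: {:02x?}", shared);
    Ok(())
}
```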