-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Evaluate the correct built-in RNG implementation #620
Comments
@knqyf263 @sam-at-luther if both of you have time to contribute a suggestion, much obliged |
Maybe there's a better way, but an easy one is to use hashes. Hashes are PRF by default; In that particular cases seems that XOF (Extendable-Output Functions) can be used as "DRBG", and will do the job just fine. Personally, I use that quite alot with Blake2, something like (error checks removed for simplicity):
You need EDIT: To make it easier to undestand: It's possible to use SHA-3 too. In that case it's ShakeHash (https://pkg.go.dev/golang.org/x/crypto/sha3#ShakeHash), same concept. I'm not sure if SHA-3 have such limitation on the stream size. However, both imports packages from golang.org/x/crypto, and maybe there's a simple and better way to do the thing. |
Thanks @inkeliz. I'll defer until other end users chime in. Commenting only because you mentioned something I left out of the desc. the consumers of this api (and we may need more than one, similar to how we have wall time and nanotime) So, I think we need to clarify for the API
Here are the use cases I've added to the desc
We also have some related imports, too
|
what's the next action on this issue, given that no one has chimed in since Jun 2022? |
Is your feature request related to a problem? Please describe.
A while back, we switched from math to crypto RNG. This seemed correct at the time, but go's docs hint at a sandbox problem
What I'm concerned with is a WebAssembly module exhausting the host entropy source. Elsewhere, such as clocks (#616) we don't expose something that can be used as a covert channel, or break the sandbox.
Moreover, there's a tacit "capabilities" approach in how people describe WASI, though implementation is very inconsistent across projects. A capabilities approach would default to a fake random, or at least something that can't exhaust the host.
Describe the solution you'd like
I'd like advice on if we should change the default and what it would change to. If we are to stay the same, that's also fine, but we should raise a PR to update RATIONALE.md on it.
So, I think we need to clarify for the API
Related context
Imports that will consume this:
Related imports we can address now or another way, possibly arch-specific, later:
The text was updated successfully, but these errors were encountered: