[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number
From: |
Chet Ramey |
Subject: |
Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number generator |
Date: |
Mon, 21 Jan 2019 15:12:02 -0500 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.3.3 |
On 1/20/19 9:04 PM, Rawiri Blundell wrote:
> On Mon, Jan 21, 2019 at 10:54 AM Chet Ramey <chet.ramey@case.edu> wrote:
>>
>> On 1/20/19 7:52 AM, Rawiri Blundell wrote:
>>
>>> So it might be a case of restricting the usability of this change to
>>> newer kernels that have dedicated calls like getrandom() or
>>> getentropy(), and having to handle detecting/selecting those?
>>>
>>> So if this is an exercise that you're happy to entertain, and without
>>> wanting to feature-creep too much, why not something like this?
>>
>> I'd probably start with URANDOM as a 32-bit random integer read as
>> four bytes from /dev/urandom. It's trivial to create a filename from
>> that with whatever restrictions (and whatever characters) you want.
>>
>
> For what it's worth I did consider suggesting URANDOM, however I
> figured some users may confuse it like this:
>
> RANDOM -> /dev/random
> URANDOM -> /dev/urandom
>
> Couple that with an established base of myths about /dev/urandom, I
> thought it might be best to suggest something else to eliminate that
> potential confusion.
I can see that, but I think RANDOM is established enough that nobody
assumes it has anything to do with /dev/random.
>>> As an aside, I can confirm the findings of a performance difference
>>> between 4.4 and 5.0 when running the script provided earlier in the
>>> discussion. At first glance it seems to be due to the switch from the
>>> old LCG to the current MINSTD RNG,
>>
>> There's no switch: the bash-4.4 generator and bash-5.0 generators are
>> identical. I'll have to do some profiling when I get a chance.
>>
>
> I suspect that we're talking at cross purposes, but it's now neither
> here nor there.
We're only talking about the performance difference. It's hard to believe
it's due to the RNG, since that didn't change. The `switch' took place
ten years ago.
> You've expressed that RANDOM's period and seeding are issues for you.
> I think the ChaCha20 patch is a bit overkill for RANDOM's
> requirements, but would you be interested in some investigation into
> middle-ground alternatives like PCG or JSF32?
If we're converging on something like URANDOM (or some other name) for a
better RNG, I don't see the need to change the RANDOM generator.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/