Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number


From: Chet Ramey
Subject: Re: [bug-bash] $RANDOM not Cryptographically secure pseudorandom number generator
Date: Mon, 21 Jan 2019 15:12:02 -0500
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.3.3

On 1/20/19 9:04 PM, Rawiri Blundell wrote:
> On Mon, Jan 21, 2019 at 10:54 AM Chet Ramey <chet.ramey@case.edu> wrote:
>>
>> On 1/20/19 7:52 AM, Rawiri Blundell wrote:
>>
>>> So it might be a case of restricting the usability of this change to
>>> newer kernels that have dedicated calls like getrandom() or
>>> getentropy(), and having to handle detecting/selecting those?
>>>
>>> So if this is an exercise that you're happy to entertain, and without
>>> wanting to feature-creep too much, why not something like this?
>>
>> I'd probably start with URANDOM as a 32-bit random integer read as
>> four bytes from /dev/urandom. It's trivial to create a filename from
>> that with whatever restrictions (and whatever characters) you want.
>>
> 
> For what it's worth I did consider suggesting URANDOM, however I
> figured some users may confuse it like this:
> 
> RANDOM -> /dev/random
> URANDOM -> /dev/urandom
> 
> Couple that with an established base of myths about /dev/urandom, I
> thought it might be best to suggest something else to eliminate that
> potential confusion.

I can see that, but I think RANDOM is established enough that nobody
assumes it has anything to do with /dev/random.

>>> As an aside, I can confirm the findings of a performance difference
>>> between 4.4 and 5.0 when running the script provided earlier in the
>>> discussion. At first glance it seems to be due to the switch from the
>>> old LCG to the current MINSTD RNG,
>>
>> There's no switch: the bash-4.4 generator and bash-5.0 generators are
>> identical. I'll have to do some profiling when I get a chance.
>>
> 
> I suspect that we're talking at cross purposes, but it's now neither
> here nor there.

We're only talking about the performance difference. It's hard to believe
it's due to the RNG, since that didn't change. The `switch' took place
ten years ago.

> You've expressed that RANDOM's period and seeding are issues for you.
> I think the ChaCha20 patch is a bit overkill for RANDOM's
> requirements, but would you be interested in some investigation into
> middle-ground alternatives like PCG or JSF32?

If we're converging on something like URANDOM (or some other name) for a
better RNG, I don't see the need to change the RANDOM generator.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/