Tweaks to the std library #699
Conversation
fare
commented
Feb 16, 2023
fare
commented
- Use sqlite3_prepare_v3 instead of _v2
- Use libcrypto instead of urandom for random-bytes, which is cheaper and more portable
Don't directly use the more expensive /dev/urandom that openssl already uses but for initialization only.
| (let (count (read-subu8vector bytes start end *urandom*)) | ||
| (unless (eq? count (##fx- end start)) | ||
| (error "Could not read enough random bytes" count start end)))) | ||
| (let (result (RAND_bytes bytes start end)) |
There was a problem hiding this comment.
does this need initialization?
There was a problem hiding this comment.
From < https://www.openssl.org/docs/manmaster/man3/RAND_bytes.html >:
On all major platforms supported by OpenSSL (including the Unix-like platforms and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use using the operating systems's random generator.
There was a problem hiding this comment.
Is it reasonable to replace urandom with this?
It sounds generous and might take users by surprise.
| @@ -126,14 +126,12 @@ | |||
| buf) | |||
| #f)))) | |||
|
|
|||
| (def *urandom* (open-input-file "/dev/urandom")) | |||
There was a problem hiding this comment.
This looses functionality i think; it was possible previously to seed the rng with something useful for reproducible runs (say a file read from /dev/urandom).
We no longer have this capability.
There was a problem hiding this comment.
Reproducibility is important for testing, and non-reproducibility for security. I think there should be two separate primitives for each, and code that needs to be tested with one yet run with the other might have a vector to choose between the two.
The crypto library looks like the right place for the actual non-reproducible bit. Akshully, we'd ideally add the additional functions for entropy control, too.
|
I would still like to keep the option of using urandom; no matter how you sugar it, if you want strong randomness it's the only game in town. |
|
RAND_bytes already implicitly uses urandom at lazy initialization time (and whatever else works on Windows). I suppose we could add additional functions to query urandom. But then again, there's also /dev/random in case you want the kernel to guarantee some entropy (which might matter at boot time on some embedded devices). |
|
Sounds like a good opportunity to generally improve the situation api wise. |
|
Agreed that a better API is needed at some point. Actually, I am thinking about porting some property-based testing library (as made popular by Haskell's QuickCheck) to Gerbil Scheme at some point, and the deterministic PRNG aspect will then become salient. |
Make it easier to copy-paste the name of a command by not displaying colon (:) after the command. This also matches how git and other software display their sub-commands in their help. See brief discussion in PR mighty-gerbils#648.
