From: zofrex@... Date: 2020-11-13T13:20:50+00:00 Subject: [ruby-core:100830] [Ruby master Misc#17319] Rename Random::urandom to os_random and document random data sources Issue #17319 has been updated by zofrex (James Sanderson). I don't think `raw_seed` is name that does a good job of communicating what this method does and what it can be used for. I know this method is *used* to seed the OpenSSL random number generator, but its functionality is more broad than that. I think that people reading "raw_seed" are likely to think that either this returns the seed for the RNG or perhaps that this method is only suitable for seeding another RNG, rather than using this method as an RNG. The latter case is somewhat plausible because on some systems there are RNG sources that aren't suitable for generating lots of random data, but can be used to seed a PRNG, so I think it's important to distinguish from that. I think `urandom` is probably a better name than `raw_seed` because, although it doesn't always draw from `urandom`, it does always draw from random number generators that have similar properties to `urandom` (non-blocking, suitable for reading lots of data from). I think `os_random` or `os_nonblocking_random` are still better names because they quickly tell anyone reading the source of `SecureRandom` that it gets its numbers from the OS random number generator (if not from OpenSSL). That makes reviewing the code from a security point of view a lot easier, and I think that's a highly desirable design goal for code that is so critical to the security of applications. ---------------------------------------- Misc #17319: Rename Random::urandom to os_random and document random data sources https://bugs.ruby-lang.org/issues/17319#change-88470 * Author: zofrex (James Sanderson) * Status: Open * Priority: Normal ---------------------------------------- SecureRandom gets randomness from `Random::urandom`, which is a confusing name because `urandom` only uses /dev/urandom in some circumstances. On reading the `secure_random.rb` code this morning I got very confused how it was supporting "win32" for example, because it appears to only use openssl and /dev/urandom. I have renamed `urandom` to `os_random`. With this change, it is much more obvious from reading `secure_random.rb` what is happening, in my opinion. I have also added `urandom` as an alias to `os_random` so this is not a breaking change. I am not 100% sure I documented this alias correctly. I have also updated the documentation for `os_random` (was `urandom`), `SecureRandom`, and `random_raw_seed` to reflect that there are multiple potential sources for random data, not just urandom, openssl, and win32. -- https://bugs.ruby-lang.org/ Unsubscribe: