[#100689] [Ruby master Feature#17303] Make webrick to bundled gems or remove from stdlib — hsbt@...
Issue #17303 has been reported by hsbt (Hiroshi SHIBATA).
11 messages
2020/11/02
[#100852] [Ruby master Feature#17326] Add Kernel#must! to the standard library — zimmerman.jake@...
Issue #17326 has been reported by jez (Jake Zimmerman).
24 messages
2020/11/14
[#100930] [Ruby master Feature#17333] Enumerable#many? — masafumi.o1988@...
Issue #17333 has been reported by okuramasafumi (Masafumi OKURA).
10 messages
2020/11/18
[#101071] [Ruby master Feature#17342] Hash#fetch_set — hunter_spawn@...
Issue #17342 has been reported by MaxLap (Maxime Lapointe).
26 messages
2020/11/25
[ruby-core:100835] [Ruby master Misc#17319] Rename Random::urandom to os_random and document random data sources
From:
eregontp@...
Date:
2020-11-13 17:07:28 UTC
List:
ruby-core #100835
Issue #17319 has been updated by Eregon (Benoit Daloze). zofrex (James Sanderson) wrote in #note-6: > I think that people reading "raw_seed" are likely to think that either this returns the seed for the RNG or perhaps that this method is only suitable for seeding another RNG, rather than using this method as an RNG. The latter case is somewhat plausible because on some systems there are RNG sources that aren't suitable for generating lots of random data, but can be used to seed a PRNG, so I think it's important to distinguish from that. That's the point, it's not a good idea to use this API to generate an arbitrary number of random bytes. Only to use it to seed a RNG. It's just slower, inefficient and apparently not more secure to read many bytes from /dev/urandom. FWIW there is already `Random.new_seed #=> Integer`. The reference in the doc of `Random.urandom` to `man 7 random` seems to be: > While some safety margin above that minimum is reasonable, as a guard against flaws in the CSPRNG algorithm, no cryptographic > primitive available today can hope to promise more than 256 bits of security, so if any program reads more than 256 bits (32 > bytes) from the kernel random pool per invocation, or per reasonable reseed interval (not less than one minute), that should be > taken as a sign that its cryptography is not skillfully implemented. ---------------------------------------- Misc #17319: Rename Random::urandom to os_random and document random data sources https://bugs.ruby-lang.org/issues/17319#change-88477 * Author: zofrex (James Sanderson) * Status: Open * Priority: Normal ---------------------------------------- SecureRandom gets randomness from `Random::urandom`, which is a confusing name because `urandom` only uses /dev/urandom in some circumstances. On reading the `secure_random.rb` code this morning I got very confused how it was supporting "win32" for example, because it appears to only use openssl and /dev/urandom. I have renamed `urandom` to `os_random`. With this change, it is much more obvious from reading `secure_random.rb` what is happening, in my opinion. I have also added `urandom` as an alias to `os_random` so this is not a breaking change. I am not 100% sure I documented this alias correctly. I have also updated the documentation for `os_random` (was `urandom`), `SecureRandom`, and `random_raw_seed` to reflect that there are multiple potential sources for random data, not just urandom, openssl, and win32. -- https://bugs.ruby-lang.org/ Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>