Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add "insecure" functions #546

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add "insecure" functions #546

wants to merge 1 commit into from

Conversation

newpavlov
Copy link
Member

@newpavlov newpavlov commented Nov 27, 2024
edited
Loading

Adds 4 new functions: insecure_fill, insecure_fill_uninit, insecure_u32, and insecure_u32.

On some platforms these function can be less prone to blocking, but may return potentially "insecure" random data. Such data can be used for seeding HashMaps and non-security-sensitive PRNGs.

Closes #365

@newpavlov newpavlov mentioned this pull request Nov 27, 2024
Open
@dhardy
Copy link
Member

dhardy commented Nov 27, 2024

My quick thoughts:

  • This doesn't need to happen before v0.3 since it's a non-breaking addition to the API
  • We should not rush this to allow more time for review from interested parties since it may be a controversial change
  • There needs to good justification for why this should exist. You suggest seeding hash-maps but are there legitimate use-cases where the secure random data is not yet available and the application would not need to block anyway?

@newpavlov
Copy link
Member Author

This doesn't need to happen before v0.3 since it's a non-breaking addition to the API

In its current form, yes, it's. But I haven't decided yet on which approach to use. Alternative proposals in the issue suggested to use an "option" argument instead. So I would like to sort this out as part of the v0.3 release.

are there legitimate use-cases where the secure random data is not yet available and the application would not need to block anyway?

Seeding of hash maps and non-security-critical PRNGs are both legitimate use-cases. For example, see discussions about issues with systemd which led to the introduction of the GRND_INSECURE flag.

@dhardy
Copy link
Member

dhardy commented Nov 28, 2024

In its current form, yes, it's. But I haven't decided yet on which approach to use.

Then it could be added in v0.4. I avoided putting out many breaking releases for rand because moving to a new version can be a big deal for users, but I don't think that should be the case with getrandom.

Seeding of hash maps and non-security-critical PRNGs are both legitimate use-cases. For example, see discussions about issues with systemd which led to the introduction of the GRND_INSECURE flag.

Yes, systemd is a special case because it operates in an early boot environment. But precisely because this is a special case (and also very targeted to a specific environment) it probably isn't going to use a general-purpose library like getrandom. I would expect most other applications needing to deal with early boot to be special cases which wouldn't want to use a general-purpose getrandom library too (I may be wrong, but until I see evidence I will assume that is not the case).

Hence "systemd needs this" is not good justification for this feature.

@dhardy
Copy link
Member

dhardy commented Nov 28, 2024

Possibly of note is rust-lang/rust#130703: introduction of what is effectively getrandom within std. The internal code does use insecure seeding for hashmaps but the public API proposed here only exposes secure seeding.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for non-blocking getrandom
2 participants
@newpavlov @dhardy