[erlang-questions] Yaws security alert - Yaws 1.93
Thu Jun 21 09:06:08 CEST 2012
On 06/20/2012 05:00 PM, Bob Ippolito wrote:
> The random module is *very* weak, it has less than 48 bits of state (Wichmann-Hill 1982). It doesn't really generate results appropriate for double precision float, and it fails modern test suites for PRNGs, so it's basically unsuitable for most modern applications. Also, I haven't looked at Yaws' implementation but the random module only ensures that you have a good seed if you are using the process dictionary version of the API, otherwise you have to ensure that each component is non-zero and not an integer multiple of the prime for that component yourself.
> The best alternative is what this version appears to use: the crypto module. If you need something faster that doesn't have to be safe for cryptographic purposes you'll have to look outside of OTP.
If you are interested in an alternative to the random module which does not need to be safe for cryptographic purposes, there is an implementation of a newer algorithm done by the same authors (Wichmann-Hill 2006) which has an implementation here https://github.com/jj1bdx/sfmt-erlang/blob/master/src/random_wh06_int.erl . I believe this implementation is faithful to the original algorithm and avoids precision problems by leveraging Erlang's big integers support. However, I haven't gotten to providing tests for the algorithm yet, because I haven't needed it yet.
A simple application is a quicker way to do a v4 UUID (i.e., quicker than crypto), where you are not forced to call the random module multiple times (since random only provides 45 bits of pseudo-randomness, but the newer 2006 algorithm provides 124 bits of pseudo-randomness).
So, if anyone is interested, that is a place to look if you need more pseudo-randomness for non-cryptographic purposes.
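To make the bit accounting in the post concrete, here is an added Erlang example (not code from the thread, from Yaws, or from sfmt-erlang) that builds an RFC 4122 v4 UUID. A v4 UUID has 6 fixed bits (version 0100 and variant 10), so 122 random bits are needed. `v4/0` takes them from `crypto:strong_rand_bytes/1`, and `v4_from_draws/2` takes them from any caller-supplied generator that yields `Width` bits per call, drawing only as often as needed: three calls for a 45-bit generator, one call for a 124-bit one. The module name, the function names and the 45-bit `rand`-based draw in the usage note are illustrative assumptions, and that `rand` draw is not a cryptographically safe source.

```erlang
-module(uuid_v4_example).
-export([v4/0, v4_from_draws/2, v4_from_bits/1, to_string/1]).

%% 128 bits in a UUID minus the 6 bits RFC 4122 fixes for version and variant.
-define(RANDOM_BITS, 122).

%% Assemble a v4 UUID from exactly 122 random bits: the version nibble 0100
%% goes into the high nibble of octet 6 and the variant bits 10 into the
%% top two bits of octet 8.  Everything else is caller-supplied randomness.
v4_from_bits(<<A:48, B:12, C:62>>) ->
    <<A:48, 4:4, B:12, 2:2, C:62>>.

%% Default source: the crypto module.  A single call returns 128 bits;
%% the first 122 are used and the remaining 6 are discarded.
v4() ->
    <<Bits:?RANDOM_BITS/bitstring, _/bitstring>> = crypto:strong_rand_bytes(16),
    v4_from_bits(Bits).

%% Generic source: Draw/0 must return a non-negative integer below 2^Width
%% on every call.  The number of calls is ceil(122 / Width), so a generator
%% giving 45 bits per call is invoked three times and one giving 124 bits
%% per call only once.  Surplus bits from the last draw are dropped.
v4_from_draws(Draw, Width) when is_function(Draw, 0), is_integer(Width), Width > 0 ->
    N = (?RANDOM_BITS + Width - 1) div Width,
    Raw = << <<(Draw()):Width>> || _ <- lists:seq(1, N) >>,
    <<Bits:?RANDOM_BITS/bitstring, _/bitstring>> = Raw,
    v4_from_bits(Bits).

%% Canonical lower-case 8-4-4-4-12 hex form of a 128-bit UUID binary.
to_string(<<A:32, B:16, C:16, D:16, E:48>>) ->
    lists:flatten(io_lib:format("~8.16.0b-~4.16.0b-~4.16.0b-~4.16.0b-~12.16.0b",
                                [A, B, C, D, E])).
```

Usage: `uuid_v4_example:to_string(uuid_v4_example:v4())` gives a string such as `xxxxxxxx-xxxx-4xxx-[89ab]xxx-xxxxxxxxxxxx`, with the third group always starting with `4` and the fourth with one of `8`, `9`, `a` or `b`. To see the multi-call case, pass a 45-bit source, for example `uuid_v4_example:v4_from_draws(fun() -> rand:uniform(1 bsl 45) - 1 end, 45)`, which makes three draws; a 124-bit source passed with `Width = 124` makes one. The `Width` argument is trusted, so if a generator actually yields fewer effective bits than declared the UUIDs will be correspondingly less random, which is exactly the concern raised about the old `random` module.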