[erlang-questions] Yaws security alert - Yaws 1.93
Richard O'Keefe
ok@REDACTED
Fri Jun 22 02:21:21 CEST 2012
On 21/06/2012, at 8:03 PM, Claes Wikstrom wrote:
> Indeed, that being said, I think there are quite a few Erlang applications
> out there that use the OTP random module, some, probably quite a few, of
> those applications use the random module in what could be considered
> a security related setting. It could be anything, the original author
> needed a random number, picked the random module, and now years later, it turns out that these random numbers are security related.
>
> Not good, a good solution would be to replace the current random module with
> a backwards compat implementation that uses a better algorithm.
Was it the Erlang thread or the SWI Prolog thread where we had a lengthy
discussion about this not so long ago? I remember writing a version of
the 4-cycle algorithm for one of those groups.
Java makes a clear distinction between java.util.Random and
java.security.SecureRandom, and for good reason.
A pseudo-random number generator to be used for generating test cases and
doing simulations has *different* quality goals from a prng to be used
for security applications. There are plenty of better algorithms for
the first purpose; the Web is full of them. But they *still* are not going
to be trustworthy for cryptographic purposes, and it is *still* going to be
a mistake for anyone to use them so.
We need a secure_random module, and I leave designing that to people
who know something about the area.
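As an added example to illustrate the distinction drawn in this message (this is not code from the thread, from Yaws, or from OTP, and the names secure_random_demo, in_new_process/1, secure_uniform/1 and bits_needed/1 are hypothetical), the escript below first shows why the stdlib random module is unfit for secrets: it keeps its state in the process dictionary, and a process that never calls random:seed/1 starts from a fixed built-in seed, so two fresh processes emit the same sequence. It then builds a uniform integer generator on top of crypto:strong_rand_bytes/1, which is what a secure_random module would expose in place of random:uniform/1. On OTP releases where random has been deprecated or removed (rand replaced it later, and rand is likewise not a cryptographic generator), the first part is skipped.

```erlang
#!/usr/bin/env escript
%% secure_random_demo (hypothetical name): an added example, not code from
%% the thread, from Yaws or from OTP. It contrasts the stdlib `random`
%% module with a small crypto-backed generator of the kind a
%% secure_random module would offer.

main(_Args) ->
    %% (1) `random` keeps its state in the process dictionary. A process
    %% that never calls random:seed/1 starts from a fixed built-in seed,
    %% so two fresh processes emit the same "random" sequence. Anyone who
    %% knows that can reproduce tokens minted this way.
    case code:ensure_loaded(random) of
        {module, random} ->
            Draw = fun() -> [random:uniform(1000) || _ <- lists:seq(1, 5)] end,
            A = in_new_process(Draw),
            B = in_new_process(Draw),
            io:format("random:uniform/1, two unseeded processes: ~p ~p, identical: ~p~n",
                      [A, B, A =:= B]);
        {error, _} ->
            %% `random` is deprecated in later OTP releases; skip if absent.
            io:format("random module not available on this OTP, skipping~n")
    end,
    %% (2) A secret should come from the OS CSPRNG via crypto:strong_rand_bytes/1.
    %% A 256-bit session token:
    Token = base64:encode(crypto:strong_rand_bytes(32)),
    io:format("secure token: ~s~n", [Token]),
    %% and a uniformly distributed integer, the secure counterpart of
    %% random:uniform/1:
    io:format("secure_uniform(1000) -> ~p~n", [secure_uniform(1000)]).

%% Run Fun in a fresh process (with an empty process dictionary) and
%% return its result.
in_new_process(Fun) ->
    Parent = self(),
    Ref = make_ref(),
    spawn(fun() -> Parent ! {Ref, Fun()} end),
    receive
        {Ref, Result} -> Result
    after 5000 ->
        erlang:error(timeout)
    end.

%% Uniform integer in 1..N built from crypto:strong_rand_bytes/1.
%% Rejection sampling keeps it unbiased: taking `rem N` of a random
%% word instead would favour small values whenever 2^Bits rem N /= 0.
secure_uniform(1) ->
    1;
secure_uniform(N) when is_integer(N), N > 1 ->
    Bits = bits_needed(N - 1),          % 2^Bits is the smallest power of two >= N
    Bytes = (Bits + 7) div 8,
    Mask = (1 bsl Bits) - 1,
    Candidate = binary:decode_unsigned(crypto:strong_rand_bytes(Bytes)) band Mask,
    case Candidate < N of
        true  -> Candidate + 1;
        false -> secure_uniform(N)      % reject and redraw (accept rate > 1/2)
    end.

%% Number of bits needed to represent V (V >= 1).
bits_needed(V) -> bits_needed(V, 0).
bits_needed(0, Acc) -> Acc;
bits_needed(V, Acc) -> bits_needed(V bsr 1, Acc + 1).
```

Run it with `escript secure_random_demo.erl`. Note that seeding random from crypto does not rescue it either: its Wichmann-Hill state is three small integers (moduli 30269, 30307 and 30323), so the whole state space is under 2^45 and the generator remains a simulation-grade PRNG regardless of how it was seeded.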