[erlang-questions] Yaws security alert - Yaws 1.93

Robert Virding <>
Mon Jun 25 01:56:40 CEST 2012


The original random module was never meant to be cryptographically safe; it was just a simple and reasonably fast PRNG. The bug, if there is one, was that this was never explicitly stated in the documentation. And as Kenji said, even the MTs are not cryptographically safe either, and were never meant to be, even though they are much better PRNGs.

The best solution is Richard's: create an explicit module for cryptographically safe random numbers, and include a better "normal" PRNG than random, for example Kenji's, which can be made drop-in compatible with the existing one.

Robert

----- Original Message -----
> FYI:
> 
> * Mersenne Twister PRNGs are NOT cryptographically safe either, although
>   the random number generation period is much much longer (approx. 2^43
>   on AS183, (2^19937) - 1 for SFMT) and the state space is far less
>   easy to exploit.
> 
> * sfmt-erlang is now runnable in a non-NIF environment (though it's slow)
> 
> * I've been working on a lightweight variant of MT called TinyMT (period:
>   (2^127) - 1, internal state: 28 bytes), including compatibility
>   functions to the random module, and is capable of generating ~2^58
>   different RNG streams.  It's at
>   https://github.com/jj1bdx/tinymt-erlang
> 
> ++> Tuncer Ayaz <> [2012-06-21 12:47:46 +0200]:
> > It should probably be replaced with Kenji's sfmt-erlang or an
> > implementation of (C)MWC.
> > 
> > https://groups.google.com/group/comp.soft-sys.math.mathematica/msg/95a94c3b2aa5f077
> 
> Kenji Rikitake
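The thread's point, that `random` (and the Mersenne Twister variants) must not be used where an attacker could benefit from predicting output, while a separate crypto-safe module should, is illustrated by the following added example. It is not code from the thread, from Yaws or from OTP; the module name `csprng_example` and its function names are my own. It builds an unbiased `uniform/1` and a hex `token/1` on `crypto:strong_rand_bytes/1`, the OS-backed CSPRNG in OTP's crypto application, and `default_seed_is_fixed/0` shows the failure mode being discussed: a fresh process that never called `random:seed/3` falls back to the module's built-in default seed and emits the same sequence every time. That last function assumes an OTP release that still ships the (long deprecated) `random` module.

```erlang
-module(csprng_example).
-export([uniform/1, token/1, default_seed_is_fixed/0]).

%% Unbiased integer in 1..N drawn from the OS CSPRNG (crypto:strong_rand_bytes/1).
uniform(N) when is_integer(N), N >= 1 ->
    Bytes = byte_size_for(N),
    Span  = 1 bsl (8 * Bytes),
    Limit = Span - (Span rem N),      % largest multiple of N that fits in Bytes
    draw(N, Bytes, Limit).

draw(N, Bytes, Limit) ->
    <<R:(8 * Bytes)/unsigned-big>> = crypto:strong_rand_bytes(Bytes),
    case R < Limit of
        true  -> (R rem N) + 1;
        false -> draw(N, Bytes, Limit)  % reject and redraw to avoid modulo bias
    end.

%% Smallest number of bytes whose value range covers 0..N-1.
byte_size_for(N) -> byte_size_for(N - 1, 1).
byte_size_for(Max, B) when Max < (1 bsl (8 * B)) -> B;
byte_size_for(Max, B) -> byte_size_for(Max, B + 1).

%% Lowercase hex token of Len random bytes, e.g. for session ids or CSRF cookies.
token(Len) when is_integer(Len), Len >= 1 ->
    << <<(hex(H)), (hex(L))>> || <<H:4, L:4>> <= crypto:strong_rand_bytes(Len) >>.

hex(D) when D < 10 -> $0 + D;
hex(D) -> $a + D - 10.

%% Why the old `random` module is unfit for secrets: each spawned process has
%% no seed in its process dictionary, so random:uniform/1 starts from the
%% module's fixed default seed and both runs return identical lists.
default_seed_is_fixed() ->
    Run = fun() ->
                  Parent = self(),
                  spawn(fun() ->
                                Parent ! [random:uniform(1000) || _ <- lists:seq(1, 5)]
                        end),
                  receive Seq -> Seq end
          end,
    Run() =:= Run().   % true: predictable output, independent of the caller
```

Compile with `c(csprng_example).` in an `erl` shell and call `csprng_example:uniform(6)`, `csprng_example:token(16)` and `csprng_example:default_seed_is_fixed()`. The rejection loop in `draw/3` matters whenever N does not divide the byte range evenly; taking `R rem N` directly would skew the low values, which is the kind of subtle bias a security-oriented module should not have.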