[erlang-questions] Random/Crypto Issue with Erlang?

Technion technion@REDACTED
Fri Jun 10 05:06:01 CEST 2016


Hi,


I note the manual for rand_bytes() describes it as note cryptographically strong:


http://erlang.org/doc/man/crypto.html#rand_bytes-1


This function is not recommended for cryptographic purposes


Reviewing the manual for "strong rand bytes" however:


http://erlang.org/doc/man/crypto.html#strong_rand_bytes-1


By default this is the RAND_bytes method from OpenSSL.


This isn't necessarily a great solution either, with both Node and Ruby being advised against this:


https://bugs.ruby-lang.org/issues/9569


https://github.com/nodejs/node/issues/5798



________________________________
From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Jesper Louis Andersen <jesper.louis.andersen@REDACTED>
Sent: Friday, 10 June 2016 2:46:45 AM
To: duncan@REDACTED
Cc: Erlang (E-mail)
Subject: Re: [erlang-questions] Random/Crypto Issue with Erlang?


You probably want Kenji Rikitake. The thing is about CSPRNGs and using strong random bytes from crypto.

On Jun 9, 2016 4:06 PM, <duncan@REDACTED<mailto:duncan@REDACTED>> wrote:
I believe one of the lightning talks at Erlang Factory SF 2016 was about an issue with randomness and crypto and something we shouldn't use and what we should do instead. Does this ring a bell? Can anyone point me to the do's and don't's that were mentioned? Or who gave that talk so I can contact him?

Duncan Sparrell
s-Fractal Consulting LLC

_______________________________________________
erlang-questions mailing list
erlang-questions@REDACTED<mailto:erlang-questions@REDACTED>
http://erlang.org/mailman/listinfo/erlang-questions

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160610/a9a1558e/attachment.htm>


More information about the erlang-questions mailing list