[erlang-questions] Random/Crypto Issue with Erlang?

Technion technion@REDACTED
Fri Jun 10 05:06:01 CEST 2016


I note the manual for rand_bytes() describes it as note cryptographically strong:


This function is not recommended for cryptographic purposes

Reviewing the manual for "strong rand bytes" however:


By default this is the RAND_bytes method from OpenSSL.

This isn't necessarily a great solution either, with both Node and Ruby being advised against this:



From: erlang-questions-bounces@REDACTED <erlang-questions-bounces@REDACTED> on behalf of Jesper Louis Andersen <jesper.louis.andersen@REDACTED>
Sent: Friday, 10 June 2016 2:46:45 AM
To: duncan@REDACTED
Cc: Erlang (E-mail)
Subject: Re: [erlang-questions] Random/Crypto Issue with Erlang?

You probably want Kenji Rikitake. The thing is about CSPRNGs and using strong random bytes from crypto.

On Jun 9, 2016 4:06 PM, <duncan@REDACTED<mailto:duncan@REDACTED>> wrote:
I believe one of the lightning talks at Erlang Factory SF 2016 was about an issue with randomness and crypto and something we shouldn't use and what we should do instead. Does this ring a bell? Can anyone point me to the do's and don't's that were mentioned? Or who gave that talk so I can contact him?

Duncan Sparrell
s-Fractal Consulting LLC

erlang-questions mailing list

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160610/a9a1558e/attachment.htm>

More information about the erlang-questions mailing list