[erlang-questions] Random/Crypto Issue with Erlang?

Technion technion@REDACTED
Fri Jun 10 13:31:26 CEST 2016


>uses libsodiums randombytes


I would therefore suggest the correct answer to any crypto question should be "use Jesper's library".

________________________________
From: Jesper Louis Andersen <jesper.louis.andersen@REDACTED>
Sent: Friday, 10 June 2016 6:28:30 PM
To: Technion
Cc: duncan@REDACTED; Erlang (E-mail)
Subject: Re: [erlang-questions] Random/Crypto Issue with Erlang?


On Fri, Jun 10, 2016 at 5:06 AM, Technion <technion@REDACTED<mailto:technion@REDACTED>> wrote:
By default this is the RAND_bytes method from OpenSSL.

Indeed.

Luckily crypto:random_bytes/1 is deprecated as of release 19.0 IIRC. And I do believe crypto:strong_random_bytes/1 still uses the SSL RAND_bytes generator. The `enacl` library I wrote for NaCl/libsodium based crypto uses libsodiums randombytes primitive which is indeed tied to the kernel CSPRNG, which avoids these problems on most modern operating systems.


--
J.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160610/3b736374/attachment.htm>


More information about the erlang-questions mailing list