Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Example of what can go wrong with RNGs #43

Open
vks opened this issue Jul 7, 2021 · 1 comment
Open

Example of what can go wrong with RNGs #43

vks opened this issue Jul 7, 2021 · 1 comment

Comments

@vks
Copy link
Contributor

vks commented Jul 7, 2021

This blog post about the Kaspersky password manager is a nice example of what can go wrong when choosing and initializing an RNG. Maybe it's worth it to add it to the book as a reference? It's mentions a lot of pitfalls that Rand avoids.

@dhardy
Copy link
Member

dhardy commented Jul 19, 2021

Regarding the seeding and the use of non-crypto RNGs I think we're already fine. The only other things are the non-uniform char selection (maybe we mention this somewhere??) and the index bug.

We already make it pretty easy to generate passwords, possibly even more securely than the fixed KPM. Example: https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=7af982aa9bda9b782aaeadc697cec3f2

We could add Rng::gen_string(dist: D, len: usize) -> String maybe?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants