
Request for stronger random seeding #5206

Closed
vicuna opened this issue Jan 18, 2011 · 4 comments

@vicuna

vicuna commented Jan 18, 2011

Original bug ID: 5206
Reporter: lealanko
Assigned to: @damiendoligez
Status: closed (set by @xavierleroy on 2015-07-24T08:39:04Z)
Resolution: fixed
Priority: normal
Severity: tweak
Version: 3.12.0
Fixed in version: 4.00.0
Category: ~DO NOT USE (was: OCaml general)
Monitored by: @dbuenzli

Bug description

I'm a bit concerned with OCaml's random seeds. I'm writing some distributed software and I'm generating random UUIDs which need to be unique across the network. However, it turns out that a random generator initialized with Random.State.make_self_init gets only 31 bits of entropy on a 32-bit platform, and in any case it uses only time and pid as seeds, without even trying to get any data that would be unique to the machine.

Even if the 31-bit seed function had a perfectly uniform distribution, it would only require 7000 nodes for the possibility of a seed collision to be 1%. That is too close for comfort to be within the realm of possibility. What use is a 128-bit UUID if it is only generated from 31 bits of seed?

Obviously I can do my own seeding if I'm not satisfied with the default seed, and I will probably do that, but existing software that uses the default seeding function (e.g. the Uuidm library) would benefit from an enhancement.

So please make the default seeding function a bit stronger, by e.g. using /dev/(u)random where available, and without packing all the entropy into a single int.
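The birthday-bound arithmetic behind the "7000 nodes for 1%" figure above, as an added example that is not part of the original issue: it computes the seed-collision probability for a given number of independently seeded nodes and seed width, and contrasts the 31-bit seed with the 122 random bits a version-4 UUID nominally carries (the 122-bit figure is the standard v4 layout, not something stated in the issue).

```python
import math


def collision_probability(n_items: int, bits: int) -> float:
    """Birthday bound: probability that at least two of n_items values drawn
    uniformly from a space of 2**bits collide, 1 - exp(-n(n-1) / (2N)).
    Each node that seeds from time+pid behaves like one draw from the seed space,
    so with a 31-bit seed this is the chance two nodes start an identical stream."""
    if n_items < 2:
        return 0.0
    space = 2.0 ** bits
    return 1.0 - math.exp(-n_items * (n_items - 1) / (2.0 * space))


def items_for_probability(p: float, bits: int) -> int:
    """Smallest number of nodes for which the bound above reaches probability p
    (n(n-1) is approximated by n**2, which is accurate once n is in the thousands)."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    space = 2.0 ** bits
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - p)))


def effective_uuid_bits(seed_bits: int, uuid_random_bits: int = 122) -> int:
    """A generator's output cannot carry more entropy than its seed: a v4 UUID
    drawn from a 31-bit-seeded PRNG has at most 31 distinct possible first values,
    however many random bits the UUID format reserves."""
    return min(seed_bits, uuid_random_bits)


if __name__ == "__main__":
    # Constructed comparison: the issue's 31-bit seed versus a 122-bit v4 UUID.
    for bits in (31, 122):
        print(f"{bits:3d}-bit space: P(collision among 7000 nodes) = "
              f"{collision_probability(7000, bits):.3e}, "
              f"nodes for 1% = {items_for_probability(0.01, bits)}")
    print("effective entropy of a UUID from a 31-bit seed:",
          effective_uuid_bits(31), "bits")
```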

@vicuna

vicuna commented Jan 18, 2011

Comment author: @ygrek

FWIW, there is support for /dev/random and EGD in cryptokit, probably uuidm should optionally use it (it will not cause binary dependency because of objects).

@vicuna

vicuna commented Jan 20, 2011

Comment author: @damiendoligez

The self_init function is only intended for toy examples. If you need serious entropy, you should get it from the OS somehow. We don't provide it through the stdlib because there isn't any good portable way to do that, and providing a function with good entropy on some systems and bad entropy on others would be worse than nothing.

I'll "fix" this by documenting the fact that self_init provides low entropy and advising against its use in serious applications that need high entropy.

@vicuna

vicuna commented Sep 6, 2012

Comment author: @xavierleroy

Since OCaml 4.00.0, Random.self_init uses /dev/urandom if it is available, so the situation should have improved, at least on platforms that support /dev/urandom (Linux, BSD, MacOS X, Solaris).

I second ygrek's suggestion to use Cryptokit if you need strong pseudorandom numbers.

@vicuna

vicuna commented Sep 6, 2012

Comment author: @dbuenzli

As uuidm is mentioned, I'd just like to add that since v0.9.4 you can define your own random state with the function Uuidm.v4_gen.
