|Anonymous | Login | Signup for a new account||2013-12-09 09:07 CET|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005206||OCaml||OCaml general||public||2011-01-18 01:03||2012-09-07 01:31|
|Target Version||Fixed in Version||4.00.0|
|Summary||0005206: Request for stronger random seeding|
|Description||I'm a bit concerned with OCaml's random seeds. I'm writing some distributed software and I'm generating random UUIDs which need to be unique across the network. However, it turns out that a random generator initialized with Random.State.make_self_init gets only 31 bits of entropy on a 32-bit platform, and in any case it uses only time and pid as seeds, without even trying to get any data that would be unique to the machine.|
Even if the 31-bit seed function had perfectly uniform distribution, it would only require 7000 nodes for the possibility of a seed collision to be 1%. That is too close to comfort to be within the realm of possibility. What use is a 128-bit UUID if it is only generated from 31 bits of seed?
Obviously I can do my own seeding if I'm not satisfied with the default seed, and I will probably do that, but existing software that uses the default seeding function (e.g. the Uuidm library) would benefit from an enhancement.
So please make the default seeding function a bit stronger, by e.g. using /dev/(u)random where available, and without packing all the entropy into a single int.
|Tags||No tags attached.|
|FWIW, there is support for /dev/random and EGD in cryptokit, probably uuidm should optionally use it (it will not cause binary dependency because of objects).|
The self_init function is only intended for toy examples. If you need serious entropy, you should get it from the OS somehow. We don't provide it through the stdlib because there isn't any good portable way to do that, and providing a function with good entropy on some systems and bad entropy on others would be worse than nothing.
I'll "fix" this by documenting the fact that self_init provides low entropy and advising against its use in serious applications that need high entropy.
Since OCaml 4.00.0, Random.self_init uses /dev/urandom if it is available, so the situation should have improved, at least on platforms that support /dev/urandom (Linux, BSD, MacOS X, Solaris).
I second ygrek's suggestion to use Cryptokit if you need strong pseudorandom numbers.
|As uuidm is mentioned, I'd just like to add that since v0.9.4 you can define your own random state with the function Uuidm.v4_gen.|
|2011-01-18 01:03||lealanko||New Issue|
|2011-01-18 09:08||ygrek||Note Added: 0005779|
|2011-01-20 17:14||doligez||Note Added: 0005786|
|2011-01-20 17:14||doligez||Assigned To||=> doligez|
|2011-01-20 17:14||doligez||Status||new => acknowledged|
|2012-09-06 16:43||doligez||Target Version||=> 4.00.1+dev|
|2012-09-06 19:00||xleroy||Note Added: 0008027|
|2012-09-06 19:00||xleroy||Status||acknowledged => resolved|
|2012-09-06 19:00||xleroy||Resolution||open => fixed|
|2012-09-06 19:00||xleroy||Fixed in Version||=> 4.00.0|
|2012-09-06 19:00||xleroy||Target Version||4.00.1+dev =>|
|2012-09-07 01:31||dbuenzli||Note Added: 0008029|
|Copyright © 2000 - 2011 MantisBT Group|