Mantis Bug Tracker

ID: 0005206
Project: OCaml
Category: OCaml general
View Status: public
Date Submitted: 2011-01-18 01:03
Last Update: 2012-09-07 01:31
Reporter: lealanko
Assigned To: doligez
Priority: normal
Severity: tweak
Reproducibility: N/A
Status: resolved
Resolution: fixed
Platform / OS / OS Version: (not set)
Product Version: 3.12.0
Target Version: (none)
Fixed in Version: 4.00.0
Summary: 0005206: Request for stronger random seeding
Description:
I'm a bit concerned with OCaml's random seeds. I'm writing some distributed software and I'm generating random UUIDs which need to be unique across the network. However, it turns out that a random generator initialized with Random.State.make_self_init gets only 31 bits of entropy on a 32-bit platform, and in any case it uses only time and pid as seeds, without even trying to get any data that would be unique to the machine.

Even if the 31-bit seed function had a perfectly uniform distribution, it would only require 7000 nodes for the possibility of a seed collision to be 1%. That is too close for comfort to be within the realm of possibility. What use is a 128-bit UUID if it is only generated from 31 bits of seed?

Obviously I can do my own seeding if I'm not satisfied with the default seed, and I will probably do that, but existing software that uses the default seeding function (e.g. the Uuidm library) would benefit from an enhancement.

So please make the default seeding function a bit stronger, by e.g. using /dev/(u)random where available, and without packing all the entropy into a single int.
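Doing your own seeding, as the report says it will do, looks like the following. This is an added example and not code from this issue, from the OCaml standard library or from uuidm; it assumes a POSIX system where /dev/urandom exists and OCaml 4.02 or later (for really_input_string and String.init). The seed is passed to Random.State.make as an int array, so the entropy is not squeezed into a single int, and the 3-byte packing is chosen so that no seed bits are dropped on a 32-bit platform where native ints are 31 bits wide.

```ocaml
(* Added example, not code from this issue, the OCaml stdlib or uuidm.
   Seeds a Random.State.t from /dev/urandom instead of from time and pid,
   spreading the entropy over an int array rather than a single int.
   Assumes a POSIX /dev/urandom and OCaml >= 4.02. *)

(* Read exactly [n] bytes from /dev/urandom.  Fail closed if the device is
   missing or the read is short, rather than silently falling back to a
   weak time/pid seed. *)
let read_urandom n =
  let ic =
    try open_in_bin "/dev/urandom"
    with Sys_error msg -> failwith ("no usable /dev/urandom: " ^ msg)
  in
  let buf =
    try really_input_string ic n
    with End_of_file ->
      close_in_noerr ic;
      failwith "short read from /dev/urandom"
  in
  close_in ic;
  buf

(* Pack each 3-byte group into a 24-bit int.  24 bits fit in OCaml's
   31-bit native int on 32-bit platforms, so no seed bits are lost. *)
let seed_of_bytes s =
  Array.init (String.length s / 3) (fun i ->
      let b k = Char.code s.[(3 * i) + k] in
      (b 0 lsl 16) lor (b 1 lsl 8) lor b 2)

(* 48 bytes -> 16 words x 24 bits = 384 bits of seed material, all of
   which Random.State.make mixes into the new state. *)
let make_state () = Random.State.make (seed_of_bytes (read_urandom 48))

let () =
  let st = make_state () in
  (* Draw 128 bits as hex to show the state works.  In real code, hand
     [st] to a UUID generator that accepts a caller-supplied state. *)
  let hex =
    String.init 32 (fun _ -> "0123456789abcdef".[Random.State.int st 16])
  in
  print_endline hex
```

Failing closed matters here: a fallback to make_self_init would give exactly the weak seed the report complains about, but only on the machines where /dev/urandom is absent, and nothing would tell you which ones those are. dbuenzli's note below points out that uuidm 0.9.4 and later let you supply your own Random.State.t, which is where a state built this way would go.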
Tags: No tags attached.
Attached Files: (none)
Relationships: (none)

Notes
(0005779)
ygrek (reporter)
2011-01-18 09:08

FWIW, there is support for /dev/random and EGD in cryptokit; probably uuidm should optionally use it (it will not cause a binary dependency because of objects).
(0005786)
doligez (administrator)
2011-01-20 17:14

The self_init function is only intended for toy examples. If you need serious entropy, you should get it from the OS somehow. We don't provide it through the stdlib because there isn't any good portable way to do that, and providing a function with good entropy on some systems and bad entropy on others would be worse than nothing.

I'll "fix" this by documenting the fact that self_init provides low entropy and advising against its use in serious applications that need high entropy.
(0008027)
xleroy (administrator)
2012-09-06 19:00

Since OCaml 4.00.0, Random.self_init uses /dev/urandom if it is available, so the situation should have improved, at least on platforms that support /dev/urandom (Linux, BSD, MacOS X, Solaris).

I second ygrek's suggestion to use Cryptokit if you need strong pseudorandom numbers.
(0008029)
dbuenzli (reporter)
2012-09-07 01:31

As uuidm is mentioned, I'd just like to add that since v0.9.4 you can define your own random state with the function Uuidm.v4_gen.

Issue History
Date Modified Username Field Change
2011-01-18 01:03 lealanko New Issue
2011-01-18 09:08 ygrek Note Added: 0005779
2011-01-20 17:14 doligez Note Added: 0005786
2011-01-20 17:14 doligez Assigned To => doligez
2011-01-20 17:14 doligez Status new => acknowledged
2012-09-06 16:43 doligez Target Version => 4.00.1+dev
2012-09-06 19:00 xleroy Note Added: 0008027
2012-09-06 19:00 xleroy Status acknowledged => resolved
2012-09-06 19:00 xleroy Resolution open => fixed
2012-09-06 19:00 xleroy Fixed in Version => 4.00.0
2012-09-06 19:00 xleroy Target Version 4.00.1+dev =>
2012-09-07 01:31 dbuenzli Note Added: 0008029
