[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New function: secure-random-bytes
From: |
Ted Zlatanov |
Subject: |
Re: New function: secure-random-bytes |
Date: |
Mon, 27 Jun 2011 11:10:36 -0500 |
User-agent: |
Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) |
On Fri, 24 Jun 2011 10:33:47 -0700 Paul Eggert <address@hidden> wrote:
PE> On 06/24/11 02:57, Ted Zlatanov wrote:
>> Do you think you could you provide three functions,
>> `secure-random-bytes-{urandom,gnutls,openssl}' instead of three versions
>> with the same name?
PE> I dunno, I kind of like the simpler interface.
PE> It's better to have the notion of a random-source,
PE> independent of the notion of generating random bytes from it.
PE> Whether that source should be represenated by an atom or
PE> by something else is a different matter.
At least for GnuTLS it would make sense to put the function that
actually calls GnuTLS at the C level in gnutls.c. Ditto for OpenSSL.
Beyond that, it can be abstracted any way you like :) My way was just a
suggestion.
PE> I suggest using ISAAC-64, which is what coreutils' random-bytes
PE> generators use by default. (Coreutils originally defaulted to
PE> /dev/urandom, but users complained because that was too slow.)
PE> On my list of things to do is to gnulib-ize the coreutils
PE> ISAAC-64 and random-bytes generators, and I can do that if
PE> there's interest.
Works for me. I think you're right about the /dev/urandom performance.
Ted