Use one PRNG even if user requests multiple passphrases #22
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This section from the Rust Rand Book on Parallel RNGs seems to imply that it's fine to use "a custom RNG per worker thread" or "per work unit". If we assume it's safe to think of each requested passphrase as a "work unit", Phraze existing approach of creating a "custom" generator for each passphrase is inline with a "suggested approach" from the Rand Book, which is good enough for me. |
|
If we do end up doing this, I should move the PRNG creation to |
|
I think using multiple PRNGs is fine, from a security-perspective. Closing this without merging at this time. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In my amateur research of CSPRNGs for #21, I came across some cryptographic notes of caution about generating many pseudo-random number generators (I'll try to find some of these links).
The current version of Phraze creats a CSPRNG for each passphrase the user requests. So for example, if the user runs
phraze -n 5to get 5 passphrases, Phraze creates 5 CSPRNGs, one for each.In contrast, this PR has Phraze create one CSPRNG in
main.rsand use that to generate all passphrases that the user might ask for.I'm not yet sure which approach is more safe/secure, but like #21, I'm opening a PR as a question for research/comments/thoughts. Also, of course, it might not really be significant for Phraze.