[Haskell-cafe] ANN: nonce package

Felipe Lessa

May 22, 2015, 7:06:53 PM5/22/15
to Haskell Cafe, web-devel, Haskell
(Please forgive me if you received multiple copies of this e-mail.)

Hello,

The nonce package [1] contains functions to easily generate
cryptographic nonces for many situations. Some places where these
generated nonces can be used include:

- Password recovery e-mail tokens.

- XSRF protection tokens.

- Session IDs sent on cookies.

- Initialization vectors.

It uses an AES CPRNG periodically reseeded from /dev/urandom (or
equivalent). It has no frills, no knobs, so it's hard to misuse. It's
been available for a year but I just realized I've never properly
announced it.

Regrettably, I've seen many uses of the random package (System.Random)
when generating nonces. It's a bad choice: it is not a
cryptographically secure PRNG, contains low entropy (64-bit state), and
its default usage is seeded predictably (using a constant seed). Please
avoid using the random package for generating nonces at all costs. In
its stead, use the nonce package or something similar.

Cheers,

[1] http://hackage.haskell.org/package/nonce

--
Felipe.
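As an added illustration of the warning above (this is example code written for this page, not code from the nonce package or from anyone in the thread), here is the System.Random anti-pattern beside its replacement. It assumes the nonce package's `Crypto.Nonce` module (`Generator`, `new`, `nonce128urlT`) and random 1.x; `weakToken` and `strongToken` are names chosen for the example.

```haskell
-- Added example (not from the nonce package or this thread): the weak
-- pattern Felipe warns about, beside its replacement.
-- Assumes nonce >= 1.0 (Crypto.Nonce) and random 1.x (System.Random).
module WeakVsStrongToken (weakToken, strongToken, main) where

import           Control.Monad    (replicateM)
import qualified Crypto.Nonce     as Nonce
import           Data.Text        (Text)
import qualified Data.Text.IO     as T
import           System.Random    (mkStdGen, randomRs)

-- Anti-pattern: a password-recovery "token" drawn from StdGen with a
-- fixed seed.  StdGen is not a CSPRNG and has a tiny (64-bit) state;
-- with a constant seed the sequence is identical on every run, so
-- anyone who knows or guesses the seed can reproduce every token issued.
weakToken :: Int -> String
weakToken seed = take 22 (randomRs ('a', 'z') (mkStdGen seed))

-- Replacement: a 128-bit nonce from the nonce package, rendered as
-- URL-safe base64 Text so it can go straight into a recovery link.
strongToken :: Nonce.Generator -> IO Text
strongToken = Nonce.nonce128urlT

main :: IO ()
main = do
  -- Same seed, same "random" token: this is the predictability problem.
  putStrLn ("weak token, run 1: " ++ weakToken 42)
  putStrLn ("weak token, run 2: " ++ weakToken 42)
  print (weakToken 42 == weakToken 42)   -- True: fully predictable

  -- One generator, created once, then reused for every token.
  gen  <- Nonce.new
  toks <- replicateM 3 (strongToken gen)
  mapM_ T.putStrLn toks                  -- three distinct, unpredictable tokens
```

The two "weak" lines print the same string on every machine and every run; the nonce-package tokens come from an AES CPRNG seeded from the OS and cannot be reproduced from any value an application developer would plausibly leak.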

Tobias Dammers

May 23, 2015, 1:01:43 PM5/23/15
to has...@haskell.org, Haskell Cafe
Looks useful; feature request: something like

nonce :: MonadIO m => Int -> Generator -> m ByteString

(plus -url and -T flavors, obviously). I believe allowing the programmer
to balance security vs. usability demands would be a good thing overall
and worth a knob.

--
Tobias Dammers - tdam...@gmail.com
_______________________________________________
Haskell-Cafe mailing list
Haskel...@haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe

Geraldus

Jun 7, 2015, 4:27:05 AM6/7/15
to has...@haskell.org, Haskell Cafe
Hi, Felipe! Thank you for sharing!

The one question I have is: is there some good way to generate unique nonces?

Sat, 23 May 2015 at 22:01, Tobias Dammers <tdam...@gmail.com>:

Geraldus

Jun 7, 2015, 5:44:20 AM6/7/15
to has...@haskell.org, Haskell Cafe
Also, is it good to make a new generator in the function which
produces a nonce? E.g.

{-# LANGUAGE ExplicitForAll, KindSignatures #-}
import Control.Monad.IO.Class (MonadIO)
import Crypto.Nonce (new, nonce128urlT)
import Data.Text (Text)
generateNonce :: forall (m :: * -> *). (MonadIO m, Functor m) => m Text
generateNonce =
  do g <- new
     nonce128urlT g



Sun, 7 June 2015 at 13:26, Geraldus <hera...@gmail.com>:

Felipe Lessa

Jun 7, 2015, 8:44:01 AM6/7/15
to haskel...@haskell.org
On 07-06-2015 06:44, Geraldus wrote:
> Sun, 7 June 2015 at 13:26, Geraldus <hera...@gmail.com
> <mailto:hera...@gmail.com>>:
>
> Hi, Felipe! Thank you for sharing!
>
> The one question I have is: is there some good way to generate unique
> nonces?

Nonces generated by the nonce package are always unique. If not,
there's a huge bug, or your /dev/urandom is broken.

> Also, is it good to make a new generator in the function which
> produces a nonce? E.g.
>
> generateNonce :: forall (m :: * -> *). (MonadIO m, Functor m) => m Text
> generateNonce =
>   do g <- new
>      nonce128urlT g

You will not shoot yourself in the foot security-wise. You are not able
to distinguish a sequence of nonces generated by

replicateM n (new >>= nonce128urlT)

vs

new >>= replicateM n . nonce128urlT

However, 'new' is a _very_ expensive function. Your generateNonce
function will have abysmal performance (and so will the first example
above). Please avoid creating many generators.

Cheers,

--
Felipe.
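To put Felipe's two replies above into one piece of working code (the uniqueness of nonce-package output, and the advice to create one expensive `Generator` and reuse it rather than calling `new` per nonce), here is an added example; it is not code from the nonce package or from anyone in this thread. It assumes `Crypto.Nonce` exports `Generator`, `new` and `nonce128urlT` as used in the thread, plus the containers package; `App`, `newApp`, `issueSessionId`, `issueXsrfToken` and `allDistinct` are hypothetical names chosen for the example.

```haskell
-- Added example (not code from the nonce package or from this thread).
-- Assumes nonce >= 1.0 (Crypto.Nonce: Generator, new, nonce128urlT) and
-- the containers package (Data.Set).  All names below are hypothetical.
module NonceLifecycle (App(..), newApp, issueSessionId, issueXsrfToken, allDistinct, main) where

import           Control.Monad  (replicateM)
import qualified Crypto.Nonce   as Nonce
import qualified Data.Set       as Set
import           Data.Text      (Text)

-- Application state.  The Generator is created exactly once, at startup,
-- because 'new' is expensive; every request afterwards draws from it.
-- (Contrast: 'new >>= nonce128urlT' inside a request handler, which is
-- just as secure but pays the full setup cost on every call.)
newtype App = App { appNonceGen :: Nonce.Generator }

newApp :: IO App
newApp = fmap App Nonce.new

-- Session ids for cookies and XSRF tokens for forms are both fresh
-- 128-bit nonces; only where each value travels differs.
issueSessionId :: App -> IO Text
issueSessionId = Nonce.nonce128urlT . appNonceGen

issueXsrfToken :: App -> IO Text
issueXsrfToken = Nonce.nonce128urlT . appNonceGen

-- Check for the uniqueness claim: n draws from one generator should be
-- n distinct values.  A collision here would mean a broken CPRNG or a
-- broken /dev/urandom, as Felipe says above.
allDistinct :: Ord a => [a] -> Bool
allDistinct xs = Set.size (Set.fromList xs) == length xs

main :: IO ()
main = do
  app <- newApp                    -- the only call to Nonce.new
  sid <- issueSessionId app
  tok <- issueXsrfToken app
  putStrLn ("session id: " ++ show sid)
  putStrLn ("xsrf token: " ++ show tok)
  -- 100000 draws from the single generator: cheap, and all distinct.
  nonces <- replicateM 100000 (issueSessionId app)
  putStrLn ("all distinct: " ++ show (allDistinct nonces))
```

In a web application the `App` value (or just the `Generator`) lives wherever other per-process resources live, for example the Yesod foundation type or a reader environment, so handlers reuse it instead of rebuilding it.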
