Using math/rand with a crypto/rand Source


Brad Fitzpatrick

Jul 1, 2014, 2:02:48 PM
to golang-dev
Gophers,

Several times I've tried to use math/rand helpers like Intn but needed a real random source. I've seen others now also hit this problem.

I'd like to provide a bridge to return either a *math/rand.Rand or a math/rand.Source (or equivalent) from the crypto/rand package.

crypto/rand already depends on (but does not import) math/rand, it turns out.  But I could provide a math/rand.Source (interface) without depending on math/rand directly, if needed.

Yay? Nay?

Adam Langley

Jul 1, 2014, 2:06:32 PM
to Brad Fitzpatrick, golang-dev
On Tue, Jul 1, 2014 at 11:02 AM, Brad Fitzpatrick <brad...@golang.org> wrote:
> crypto/rand already depends on (but does not import) math/rand, it turns
> out. But I could provide a math/rand.Source (interface) without depending
> on math/rand directly, if needed.

I would imagine this to be best implemented in math/rand as a way to
get a Source from any io.Reader. Then you could plug crypto/rand into
it, but also any other thing that you might care to.


Cheers

AGL

Brad Fitzpatrick

Jul 1, 2014, 2:07:21 PM
to Adam Langley, golang-dev
Yes, I like that.

Russ Cox

Jul 1, 2014, 2:08:53 PM
to Brad Fitzpatrick, golang-dev
I'm not convinced this needs to be in the standard library. Regardless, it's a tiny amount of code. In what settings does this come up? It's hard to imagine.


roger peppe

Jul 2, 2014, 7:54:49 AM
to Brad Fitzpatrick, golang-dev
I've wanted this a few times in the past, and I think it's
worth adding, just to make these two pieces of stdlib
work more nicely together.

The only wrinkle is Source.Seed. Should this do nothing?
Panic?

Taru Karttunen

Jul 3, 2014, 6:03:43 AM
to Russ Cox, Brad Fitzpatrick, golang-dev
I have seen code in the wild which initializes math/rand with time and
then uses that for sensitive things. The easiest way to use random
numbers should be secure, otherwise lazy client code will have issues.

Needing secure random integers is quite common in client code. If
adding to the stdlib is frowned upon, maybe create a go.crypto/randint
package with the API? (I can create code for that if needed).

- Taru Karttunen
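
The bridge discussed in this thread, sketched as an added example that is not code from the thread or from the Go project: a math/rand Source built from any io.Reader (Adam Langley's suggestion), with Seed as a no-op (one of the two options roger peppe raises). The names readerSource, NewReaderSource and NewRand are hypothetical.

```go
package main

import (
	crand "crypto/rand"
	"encoding/binary"
	"fmt"
	"io"
	mrand "math/rand"
)

// readerSource (hypothetical name) adapts an io.Reader to math/rand.Source64
// (Source64 exists in Go 1.8+; Int63 and Seed alone satisfy plain Source).
type readerSource struct{ r io.Reader }

// NewReaderSource wraps r. Pass crypto/rand.Reader for OS-backed randomness.
func NewReaderSource(r io.Reader) mrand.Source64 { return readerSource{r} }

// Uint64 consumes 8 bytes. Source methods cannot return an error, so a short
// or failed read panics instead of yielding predictable output.
func (s readerSource) Uint64() uint64 {
	var b [8]byte
	if _, err := io.ReadFull(s.r, b[:]); err != nil {
		panic("readerSource: read failed: " + err.Error())
	}
	return binary.BigEndian.Uint64(b[:])
}

// Int63 drops one bit so the result is non-negative, as Source requires.
func (s readerSource) Int63() int64 { return int64(s.Uint64() >> 1) }

// Seed is a deliberate no-op: the stream comes from the reader, so there is
// no state to reset. (Panicking is the other option raised in the thread.)
func (s readerSource) Seed(int64) {}

// NewRand returns a *math/rand.Rand whose helpers (Intn, Perm, ...) draw from r.
func NewRand(r io.Reader) *mrand.Rand { return mrand.New(NewReaderSource(r)) }

func main() {
	rng := NewRand(crand.Reader)
	fmt.Println(rng.Intn(100), rng.Perm(5))
}
```

A *rand.Rand built this way is not safe for concurrent use; guard it with a mutex or give each goroutine its own.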