Example of what can go wrong with RNGs #43
Regarding the seeding and the use of non-crypto RNGs I think we're already fine. The only other things are the non-uniform char selection (maybe we mention this somewhere??) and the index bug. We already make it pretty easy to generate passwords, possibly even more securely than the fixed KPM. Example: https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=7af982aa9bda9b782aaeadc697cec3f2 We could add |
This blog post about the Kaspersky password manager is a nice example of what can go wrong when choosing and initializing an RNG. Maybe it's worth it to add it to the book as a reference? It mentions a lot of pitfalls that Rand avoids.