Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an insecure interface. #29

Merged
merged 1 commit into from
May 10, 2023
Merged

Add an insecure interface. #29

merged 1 commit into from
May 10, 2023

Conversation

sunfishcode
Copy link
Member

Add an insecure interface, and split the seed function into its own interface, producing three interfaces:

  • random, for secure pseudo-random numbers
  • insecure, for pseudo-random numbers that are not secure
  • insecure-seed, for supporting hash-map DoS protection

We've gone back and forth on whether such an API is desirable, but it's now motivated by the need to implement things like JavaScript's Math.random, which want to be random, don't want to run their own PRNG, and don't need to be secure. And in fact, they specifically don't want to be secure, because they want to allow hosts to make them deterministic if they wish to.

@sunfishcode
Add an insecure interface.
0e9408c 
Add an `insecure` interface, and split the seed function into its own
interface, producing three interfaces:
 - `random`, for secure pseudo-random numbers
 - `insecure`, for pseudo-random numbers that are not secure
 - `insecure-seed`, for supporting hash-map DoS protection

We've gone back and forth on whether such an API is desirable, but it's
now motivated by the need to implement things like JavaScript's
`Math.random`, which want to be random, don't want to run their own PRNG,
and don't need to be secure. And in fact, they specifically don't want
to be secure, because they want to allow hosts to make them
deterministic if they wish to.
@sunfishcode sunfishcode force-pushed the sunfishcode/insecure-random branch from befd04b to 0e9408c Compare May 3, 2023 22:42
@pannous
Copy link

pannous commented May 5, 2023

maybe random should return true random numbers and pseudo-random should return pseudo-random numbers

@sunfishcode
Copy link
Member Author

True Random Number Generators (TRNG) are specialized things which are complex to use effectively, complex to implement, and very few applications need to use them (directly). Such things could be added to WASI, but I myself am not proposing to do so at this time.

If WASI does add TRNG APIs, I imagine we'll want to give them qualified names, rather than just calling them "random", to help avoid people using them without realizing what they're getting themselves into.

@sunfishcode sunfishcode merged commit 2f887bf into main May 10, 2023
@sunfishcode sunfishcode deleted the sunfishcode/insecure-random branch May 10, 2023 19:12
@sunfishcode sunfishcode mentioned this pull request May 15, 2023
Closed
@programmerjake programmerjake mentioned this pull request Feb 15, 2025
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sunfishcode @pannous