CSPRNG functions


#1

Generally in cryptography, we need to use a Cryptographically Secure Pseudo-Random Number Generator. But I could not find anything like that in Julia.

Python has a CSPRNG which I could use (based on this example):

julia> using PyCall

julia> @pyimport sys

julia> @pyimport random

julia> r = random.SystemRandom()
PyObject <random.SystemRandom object at 0x0000000013302DA8>

julia> r[:randint]
PyObject <bound method Random.randint of <random.SystemRandom object at 0x0000000013302DA8>>

julia> r[:randint](0,sys.maxsize) ### Python3 uses `maxsize`
8681753530439117037

julia> r[:randint](0,sys.maxsize)
5536205657554653966

This works pretty well, though I think it would be cool to have our own CSPRNG functions. Anyone working on this?


#2

There is the RandomDevice type, which is a wrapper for the OS random device.


#3

Does https://github.com/faf0/AES.jl help at all?


#4

No! It does not.

  1. CSPRNGs are used, for example, to generate the keys (but you can [see](https://github.com/faf0/AES.jl/blob/master/test/runtests.jl) that only hardcoded keys are used). This module has no random component whatsoever.
  2. This module is dangerously outdated (last commit was 2 years ago). I received multiple errors while trying. For example, Uint8 is no longer a data type (replaced by UInt8)…

#5

If the entropy is generated from the OS, then it should be fine. But you have to mention it clearly (whether it’s a CSPRNG, is there any caveat…).
For example, this documentation specifies:

… should be unpredictable enough for cryptographic applications, though …

I was reading the documentation for RandomDevice; it says:

– which is vague.


#6

It is exactly the same, I suppose, as Python’s system random. On Linux, it will be /dev/urandom.
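
The RandomDevice-based equivalent of the Python `SystemRandom` calls from the first post, as an added example written for this page (not code from any poster in the thread); it assumes Julia 1.x, where `RandomDevice` lives in the `Random` standard library, and the name `secure_randint` is my own:

```julia
# Added example (not from the thread). RandomDevice reads the OS random device
# (/dev/urandom on Linux, as the reply above says), so it is the CSPRNG source to
# use; Julia's default global RNG (Xoshiro or MersenneTwister depending on the
# version) is a fast statistical generator and must NOT be used for keys.
using Random

# One handle on the OS device is enough; every call below passes it explicitly
# so nothing silently falls back to the default (non-cryptographic) RNG.
const OS_RNG = RandomDevice()

# Counterpart of r.randint(0, sys.maxsize) from post #1: a uniform integer in
# lo:hi. Julia's range sampler draws uniformly from the range, so there is no
# modulo bias of the kind a hand-rolled `x % n` would introduce.
secure_randint(lo::Integer, hi::Integer) = rand(OS_RNG, lo:hi)

# Raw key material: n bytes straight from the OS device.
secure_bytes(n::Integer) = rand(OS_RNG, UInt8, n)

# A 256-bit symmetric key and a 96-bit nonce, printed as hex for inspection only.
key   = secure_bytes(32)
nonce = secure_bytes(12)
n     = secure_randint(0, typemax(Int))

println("key     = ", bytes2hex(key))     # 64 hex chars
println("nonce   = ", bytes2hex(nonce))   # 24 hex chars
println("randint = ", n)                  # 0 <= n <= typemax(Int)
```

The same `rand(rng, ...)` signatures work with the default RNG, which is exactly why passing `OS_RNG` explicitly matters: a forgotten first argument changes the security of the result without changing the types or the output shape.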


#7

Awesome!

It’ll be nice to incorporate this information in RandomDevice's documentation. And also, is there any caveat?