Supplying high-quality entropy to programs #818
Labels
area-Core
This affects CC's core (the Lua runtime, APIs, computer internals).
enhancement
An extension of a feature or a new feature.
Many programs often need to generate high-quality random numbers for use in dealing with secret data. Programs made for CC:T, which currently doesn't provide entropy, end up either naively calling `math.random` (even after having it seeded with the system clock) or making use of some dubious unpredictability in low-resolution timers, events, or low-quality PRNGs.

I see 3 possible approaches to solving this:

`/dev/urandom`. This would require user-made libraries for converting bytes to numbers and take into account the subtle biases in the conversion.

Finally, one must also question whether the low-ish security environment of a Minecraft Computer even warrants such action. There's already precedent for changes like these in CC addons as well as OC modules. Personally, I think that even if the environment isn't that safe (from side channels to hackers and malicious server admins), solving this would shrink the attack surface for future software, as well as reduce uncertainty in the lives of some security library authors and users.
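The conversion bias the issue mentions, shown as an added example that is not part of the original issue or of CC:T. Reducing a random byte with `%` over-represents the low results whenever the range does not divide 256 (256 = 42*6 + 4, so for a range of 6 the results 0..3 are each produced by 43 byte values and 4..5 by only 42); rejection sampling removes that skew. `next_byte` is a hypothetical byte source standing in for whatever entropy API would be provided, and the input below is constructed.

```lua
-- Draw an integer uniformly from [0, n-1] using rejection sampling.
-- next_byte: hypothetical function returning one uniform byte (0..255) per call.
-- n is limited to 2^48 so every intermediate value stays exact in a Lua number.
local function uniform_below(next_byte, n)
  assert(n >= 1 and n <= 2^48 and n % 1 == 0, "n must be an integer in [1, 2^48]")
  -- Smallest byte count k such that 256^k >= n.
  local k, span = 0, 1
  while span < n do
    k, span = k + 1, span * 256
  end
  -- Largest multiple of n that fits in span. Values at or above it are
  -- discarded; keeping them would make the low residues more likely.
  local limit = span - span % n
  while true do
    local v = 0
    for _ = 1, k do
      v = v * 256 + next_byte()
    end
    if v < limit then
      return v % n
    end
  end
end

-- Constructed input: a source that yields every byte value equally often,
-- so any skew in the tallies comes from the conversion alone.
local naive, fair = {}, {}
for r = 0, 5 do naive[r], fair[r] = 0, 0 end

-- Naive conversion: one pass over all 256 byte values, reduced with %.
for b = 0, 255 do
  naive[b % 6] = naive[b % 6] + 1
end

-- Rejection sampling over the same cycling byte stream.
local i = -1
local function next_byte()
  i = (i + 1) % 256
  return i
end
for _ = 1, 252 do
  local r = uniform_below(next_byte, 6)
  fair[r] = fair[r] + 1
end

for r = 0, 5 do
  print(r, "naive: " .. naive[r], "rejection: " .. fair[r])
end
```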