use_urandom 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +14 -17
- data/lib/use_urandom.rb +13 -6
- data/lib/use_urandom/version.rb +1 -1
- data/use_urandom.gemspec +1 -0
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b43c4f499467f86061edcf8d3e037cdace0602f2
|
|
4
|
+
data.tar.gz: 5ce99576a00ed9acff19932dee27a9ef32fc1f83
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ddc300a28ef2c8f909caf1704a6216ecf9084afba3e1157b90078c47e3b0e4cda33d1dea43cb20cc94605fd9d38df41988d00d7d279b6757da6d9f29b22d70a4
|
|
7
|
+
data.tar.gz: 833ca09b336e4c1f0bfd2089b9dfddca7bdbb23377a1e87574a28c0d1277580f8803632b58ac5652503a1a46be1c2df39a0d754d7f2d4ed733fc9e76e2f0758e
|
data/README.md
CHANGED
|
@@ -1,33 +1,30 @@
|
|
|
1
1
|
# UseUrandom
|
|
2
|
-
|
|
2
|
+
Turns out, Ruby's SecureRandom makes some poor design decisions.
|
|
3
3
|
This gem monkey patches SecureRandom to use /dev/urandom.
|
|
4
4
|
|
|
5
|
-
##
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
And then execute:
|
|
14
|
-
|
|
15
|
-
$ bundle
|
|
16
|
-
|
|
17
|
-
Or install it yourself as:
|
|
18
|
-
|
|
19
|
-
$ gem install use_urandom
|
|
5
|
+
## FAQ
|
|
6
|
+
### Why write this and what is wrong with SecureRandom?
|
|
7
|
+
There are a lot of material involved in answering this, but the best starting point is [this HN thread, from which this gem was inspired](https://news.ycombinator.com/item?id=11624890)
|
|
8
|
+
### What about Random.raw_seed?
|
|
9
|
+
The purpose of this gem, as per the name, is to use /dev/urandom. That function takes several code paths, one possibility of which, is reading /dev/urandom. raw_seed() meanwhile, is written in C, and packed with #define's that control flow. I don't intend on auditing it line by line, and the fact this gem is necessary reduces needed limits my confidence in it.
|
|
10
|
+
### But my server will run out of entropy!
|
|
11
|
+
If you truly believe that, don't use this gem. Definitely don't open an issue demonstrating ignorance.
|
|
20
12
|
|
|
21
13
|
## Usage
|
|
22
14
|
|
|
23
15
|
This gem is in the super pre-alpha stage and shouldn't be used.
|
|
16
|
+
Just require it in your application:
|
|
17
|
+
|
|
18
|
+
```ruby
|
|
19
|
+
require 'use_urandom'
|
|
20
|
+
```
|
|
24
21
|
|
|
22
|
+
Any calls to SecureRandom will automatically get redirected to a read on /dev/urandom. Any failures get pushed back to the original code, with a warning raised.
|
|
25
23
|
|
|
26
24
|
## Contributing
|
|
27
25
|
|
|
28
26
|
Bug reports and pull requests are welcome on GitHub at https://github.com/technion/use_urandom.
|
|
29
27
|
|
|
30
|
-
|
|
31
28
|
## License
|
|
32
29
|
|
|
33
30
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
data/lib/use_urandom.rb
CHANGED
|
@@ -1,14 +1,19 @@
|
|
|
1
1
|
require "use_urandom/version"
|
|
2
2
|
|
|
3
3
|
module SecureRandom
|
|
4
|
+
# A constant for the file path used
|
|
5
|
+
|
|
6
|
+
URANDOM = "/dev/urandom"
|
|
7
|
+
# Hooks SecureRandom's self.gen_random
|
|
4
8
|
class << self
|
|
5
9
|
alias_method :original_gen_random, :gen_random
|
|
6
10
|
|
|
7
11
|
def gen_random(n)
|
|
8
12
|
begin
|
|
9
|
-
UseUrandom
|
|
13
|
+
UseUrandom.urandom(n)
|
|
10
14
|
rescue
|
|
11
|
-
|
|
15
|
+
# Fallback code - UseRandom raises exceptions on any problem
|
|
16
|
+
warn "Using original SecureRandom"
|
|
12
17
|
original_gen_random(n)
|
|
13
18
|
end
|
|
14
19
|
end
|
|
@@ -16,13 +21,15 @@ module SecureRandom
|
|
|
16
21
|
end
|
|
17
22
|
|
|
18
23
|
module UseUrandom
|
|
19
|
-
URANDOM = "/dev/urandom"
|
|
20
24
|
|
|
25
|
+
# Reads 'n' bytes from URANDOm
|
|
21
26
|
def self.urandom(n)
|
|
22
|
-
|
|
23
|
-
fh = File.open
|
|
24
|
-
|
|
27
|
+
# Facilitates testing
|
|
28
|
+
fh = File.open SecureRandom::URANDOM, 'rb'
|
|
29
|
+
# Sanity test - owned by root
|
|
30
|
+
raise "Invalid urandom file" unless (fh.stat.uid == 0 && fh.stat.chardev?)
|
|
25
31
|
data = fh.read(n)
|
|
32
|
+
fh.close
|
|
26
33
|
raise "Not enough data read" unless data.size == n
|
|
27
34
|
data
|
|
28
35
|
end
|
data/lib/use_urandom/version.rb
CHANGED
data/use_urandom.gemspec
CHANGED
|
@@ -22,4 +22,5 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.add_development_dependency "bundler", "~> 1.11"
|
|
23
23
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
24
24
|
spec.add_development_dependency "minitest", "~> 5.0"
|
|
25
|
+
spec.add_development_dependency "minitest-stub-const" , "~> 0.5"
|
|
25
26
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: use_urandom
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Technion
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -52,6 +52,20 @@ dependencies:
|
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '5.0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: minitest-stub-const
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0.5'
|
|
62
|
+
type: :development
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '0.5'
|
|
55
69
|
description: Prefer urandom to OpenSSL
|
|
56
70
|
email:
|
|
57
71
|
- technion@lolware.net
|