use_urandom 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +14 -17
- data/lib/use_urandom.rb +13 -6
- data/lib/use_urandom/version.rb +1 -1
- data/use_urandom.gemspec +1 -0
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b43c4f499467f86061edcf8d3e037cdace0602f2
|
|
4
|
+
data.tar.gz: 5ce99576a00ed9acff19932dee27a9ef32fc1f83
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ddc300a28ef2c8f909caf1704a6216ecf9084afba3e1157b90078c47e3b0e4cda33d1dea43cb20cc94605fd9d38df41988d00d7d279b6757da6d9f29b22d70a4
|
|
7
|
+
data.tar.gz: 833ca09b336e4c1f0bfd2089b9dfddca7bdbb23377a1e87574a28c0d1277580f8803632b58ac5652503a1a46be1c2df39a0d754d7f2d4ed733fc9e76e2f0758e
|
data/README.md
CHANGED
|
@@ -1,33 +1,30 @@
|
|
|
1
1
|
# UseUrandom
|
|
2
|
-
|
|
2
|
+
Turns out, Ruby's SecureRandom makes some poor design decisions.
|
|
3
3
|
This gem monkey patches SecureRandom to use /dev/urandom.
|
|
4
4
|
|
|
5
|
-
##
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
And then execute:
|
|
14
|
-
|
|
15
|
-
$ bundle
|
|
16
|
-
|
|
17
|
-
Or install it yourself as:
|
|
18
|
-
|
|
19
|
-
$ gem install use_urandom
|
|
5
|
+
## FAQ
|
|
6
|
+
### Why write this and what is wrong with SecureRandom?
|
|
7
|
+
There are a lot of material involved in answering this, but the best starting point is [this HN thread, from which this gem was inspired](https://news.ycombinator.com/item?id=11624890)
|
|
8
|
+
### What about Random.raw_seed?
|
|
9
|
+
The purpose of this gem, as per the name, is to use /dev/urandom. That function takes several code paths, one possibility of which, is reading /dev/urandom. raw_seed() meanwhile, is written in C, and packed with #define's that control flow. I don't intend on auditing it line by line, and the fact this gem is necessary reduces needed limits my confidence in it.
|
|
10
|
+
### But my server will run out of entropy!
|
|
11
|
+
If you truly believe that, don't use this gem. Definitely don't open an issue demonstrating ignorance.
|
|
20
12
|
|
|
21
13
|
## Usage
|
|
22
14
|
|
|
23
15
|
This gem is in the super pre-alpha stage and shouldn't be used.
|
|
16
|
+
Just require it in your application:
|
|
17
|
+
|
|
18
|
+
```ruby
|
|
19
|
+
require 'use_urandom'
|
|
20
|
+
```
|
|
24
21
|
|
|
22
|
+
Any calls to SecureRandom will automatically get redirected to a read on /dev/urandom. Any failures get pushed back to the original code, with a warning raised.
|
|
25
23
|
|
|
26
24
|
## Contributing
|
|
27
25
|
|
|
28
26
|
Bug reports and pull requests are welcome on GitHub at https://github.com/technion/use_urandom.
|
|
29
27
|
|
|
30
|
-
|
|
31
28
|
## License
|
|
32
29
|
|
|
33
30
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
data/lib/use_urandom.rb
CHANGED
|
@@ -1,14 +1,19 @@
|
|
|
1
1
|
require "use_urandom/version"
|
|
2
2
|
|
|
3
3
|
module SecureRandom
|
|
4
|
+
# A constant for the file path used
|
|
5
|
+
|
|
6
|
+
URANDOM = "/dev/urandom"
|
|
7
|
+
# Hooks SecureRandom's self.gen_random
|
|
4
8
|
class << self
|
|
5
9
|
alias_method :original_gen_random, :gen_random
|
|
6
10
|
|
|
7
11
|
def gen_random(n)
|
|
8
12
|
begin
|
|
9
|
-
UseUrandom
|
|
13
|
+
UseUrandom.urandom(n)
|
|
10
14
|
rescue
|
|
11
|
-
|
|
15
|
+
# Fallback code - UseRandom raises exceptions on any problem
|
|
16
|
+
warn "Using original SecureRandom"
|
|
12
17
|
original_gen_random(n)
|
|
13
18
|
end
|
|
14
19
|
end
|
|
@@ -16,13 +21,15 @@ module SecureRandom
|
|
|
16
21
|
end
|
|
17
22
|
|
|
18
23
|
module UseUrandom
|
|
19
|
-
URANDOM = "/dev/urandom"
|
|
20
24
|
|
|
25
|
+
# Reads 'n' bytes from URANDOm
|
|
21
26
|
def self.urandom(n)
|
|
22
|
-
|
|
23
|
-
fh = File.open
|
|
24
|
-
|
|
27
|
+
# Facilitates testing
|
|
28
|
+
fh = File.open SecureRandom::URANDOM, 'rb'
|
|
29
|
+
# Sanity test - owned by root
|
|
30
|
+
raise "Invalid urandom file" unless (fh.stat.uid == 0 && fh.stat.chardev?)
|
|
25
31
|
data = fh.read(n)
|
|
32
|
+
fh.close
|
|
26
33
|
raise "Not enough data read" unless data.size == n
|
|
27
34
|
data
|
|
28
35
|
end
|
data/lib/use_urandom/version.rb
CHANGED
data/use_urandom.gemspec
CHANGED
|
@@ -22,4 +22,5 @@ Gem::Specification.new do |spec|
|
|
|
22
22
|
spec.add_development_dependency "bundler", "~> 1.11"
|
|
23
23
|
spec.add_development_dependency "rake", "~> 10.0"
|
|
24
24
|
spec.add_development_dependency "minitest", "~> 5.0"
|
|
25
|
+
spec.add_development_dependency "minitest-stub-const" , "~> 0.5"
|
|
25
26
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: use_urandom
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Technion
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -52,6 +52,20 @@ dependencies:
|
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '5.0'
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: minitest-stub-const
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0.5'
|
|
62
|
+
type: :development
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '0.5'
|
|
55
69
|
description: Prefer urandom to OpenSSL
|
|
56
70
|
email:
|
|
57
71
|
- technion@lolware.net
|