[Haskell-cafe] Annoyed at System.Random

Thomas DuBuisson thomas.dubuisson at gmail.com
Fri May 4 05:56:02 CEST 2012

On May 3, 2012 5:49 PM, "Ertugrul Söylemez" <es at ertes.de> wrote:

> Thomas DuBuisson <thomas.dubuisson at gmail.com> wrote:
> > Vincent has done great work for Haskell+Crypto so I think he knows I
> > mean nothing personal when I say cprng-aes has the right idea done the
> > wrong way.  Why a new effort vs Vincent's package?
> >
> > 1. cprng-aes is painfully slow.
> > 2. It doesn't use NI instructions (or any C implementation,
> > currently).
> > 3. It isn't backtracking resistant.  I plan to follow the SP and test
> > against the KATs.
> I can't really tell whether the first two points are true.

Feel free to investigate it yourself; I've convinced myself.  Vincent has
added NI work to cryptocipher recently, but it still needs some corners
smoothed.  I've contacted him about some of those already.  In the end I
might use his C/ASM code for this task, but it is still lacking the ability
to check for the NI instruction.

>  If they are,
> they should be really easy to fix and don't really require a new package

'random' isn't a new package.  We can't simply rename any package depending
on crypto-api and add a new face because we should also consider the build

> About the third point:  This should be easy to fix and would probably be
> the only breaking change (in that it would generate different sequences
> than before).  However, it is questionable whether you want AES at all
> in this case.  A hash function-based PRNG would probably be better.
> This could indeed justify a new library.  On the other hand you want NI
> instructions.

There are many ways to make a CTR based DRBG backtrack resistant.  As I've
alluded to already - I'd just go with the NIST SP.

> > 4. Lots of people still use "random" by default, so it would be good
> > to have StdGen be something reasonable, where "reasonable" is from as
> > many perspectives as we can manage.
> Of course this is not cprng-aes' fault, so this point is one of its own
> unrelated to my original response.

This is the core of the proposal; ignoring this is to ignore the purpose of
the entire thread.

>  StdGen is really unfortunate and
> should be replaced, but by what?  In an older thread this question
> turned out to be difficult to answer.

It was difficult back then because there was some confusion about adhering
to the Haskell Report.  Well, Random isn't part of Haskell 2010+ and older
standards include a copy in their own package, so we (read: Ryan) have a
much freer hand.


P.S. The email seems pointed, but I'm just merrily making points.