[Haskell-cafe] [Haskell] ANN: nonce package
Felipe Lessa
felipe.lessa at gmail.com
Sun Jun 7 12:43:35 UTC 2015
On 07-06-2015 06:44, Geraldus wrote:
> вс, 7 июня 2015 г. в 13:26, Geraldus <heraldhoi at gmail.com
> <mailto:heraldhoi at gmail.com>>:
>
> Hi, Felipe! Thank you for sharing!
>
> The one question I have is there some good way to generate unique
> nonces?
Nonces generated by the nonce package are always unique. If not,
there's a huge bug, or your /dev/urandom is broken.
> Also it is good to make a new generator in function which
> produces a nonce? E.g.
>
> generateNonce :: forall (m :: * -> *). (MonadIO m, Functor m) => m Text
> generateNonce =
> do g <- new
> nonce128urlT g
You will not shoot yourself in the foot security-wise. You are not able
to distinguish a sequence of nonces generated by
replicateM n (new >>= nonce128urlT)
vs
new >>= replicateM n . nonce128urlT
However, 'new' is a _very_ expensive function. Your generateNonce
function will have abysmal performance (and so will the first example
above). Please avoid creating many generators.
Cheers,
--
Felipe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20150607/970efec5/attachment.sig>
More information about the Haskell-Cafe
mailing list