Deprecating fromIntegral
Carter Schonwald
carter.schonwald at gmail.com
Mon Aug 10 04:22:50 UTC 2020
I mean Saturating not clipping
On Sun, Aug 9, 2020 at 11:43 PM Carter Schonwald <carter.schonwald at gmail.com>
wrote:
> The real issue here isn’t fromintrgral, but that everything defaults to
> wrapping semantics
>
> Adding variants that do signaling/exceptions and clipping Variants Of
> finite word/Int data types rather than just wrapping is the right path
> forward.
>
>
>
> On Sat, Aug 8, 2020 at 2:20 AM Herbert Valerio Riedel <hvriedel at gmail.com>
> wrote:
>
>> Btw, subtle correctness issues hiding throughout the vast monolithic
>> codebase like these were part of the reason (other reasons are
>> explained in
>> https://old.reddit.com/r/haskell/comments/5lxv75/psa_please_use_unique_module_names_when_uploading/dbzegx3/
>> )
>> why cryptohash/cryptonite/foundation has been banned from our
>> codebases not the least because it's hopeless to get something like
>> cryptonite through formal certification for security critical
>> applications. At the time the author made it clear he didn't welcome
>> my bug reports (later I learned the author was merely peculiar as to
>> what they consider an actual bug worth reporting). And whenever I
>> mentioned this in the past on reddit as a PSA, I got defensive
>> reactions and disbelief from certain people who were already invested
>> in the cryptonite ecosystem and I was accused of spreading unfounded
>> FUD... and so I stopped bringing up this kind of "heresy" publicly.
>>
>> However, as you can see in
>>
>> https://hackage.haskell.org/package/cryptohash-sha256/changelog
>>
>> this particular 32-bit overflow issue was one of the critical bugfixes
>> I ran into and repaired in the very first release right after the
>> initial-fork-release back in 2016. It's astonishing it took over 4
>> years for this bug to keep lingering in cryptonite/cryptohash before
>> it was detected. You'd expect this to have been detected in code
>> audits performed by Haskell companies that actively promote the use of
>> cryptonite early on.
>>
>> On Sat, Aug 8, 2020 at 5:09 AM Niklas Hambüchen via Libraries
>> <libraries at haskell.org> wrote:
>> >
>> > Today I found another big bug caused by `fromIntegral`:
>> >
>> > https://github.com/haskell-crypto/cryptonite/issues/330
>> >
>> > Incorrect hashes for all hash algorithms beyond 4 GiB of input. SHA
>> hash collisions in my productions system.
>> >
>> > Restating what I said there:
>> >
>> > * Until we deprecate fromIntegral, Haskell code will always be subtly
>> wrong and never be secure.
>> > * If we don't fix this, people will shy away from using Haskell for
>> serious work (or learn it the hard way). Rust and C both do this better.
>> > * If the authors of key crypto libraries fall for these traps (no blame
>> on them), who can get it right? We should remove the traps.
>> >
>> > The wrong code,
>> >
>> > hashInternalUpdate ctx d (fromIntegral $ B.length b)
>> >
>> > exists because it simply does not look like wrong code. In contrast,
>> >
>> > hashInternalUpdate ctx d (fromIntegralWrapping $ B.length b)
>> >
>> > does look like wrong code and would make anyone scrolling by suspicious.
>> >
>> > We can look away while continuing to claim that Haskell is a
>> high-correctness language, or fix stuff like this and make it one.
>> > _______________________________________________
>> > Libraries mailing list
>> > Libraries at haskell.org
>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries
>> _______________________________________________
>> Libraries mailing list
>> Libraries at haskell.org
>> http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/libraries/attachments/20200810/de4cece5/attachment.html>
More information about the Libraries
mailing list