rand_jitter: Discourage use for cryptographic purposes #814
Merged
merged 1 commit into from
Jun 3, 2019
4 changes: 4 additions & 0 deletions rand_jitter/README.md
Expand Up @@ -9,6 +9,10 @@

Non-physical true random number generator based on timing jitter.

Note that this RNG is not suited for use cases where cryptographic security is
required (also see [this
discussion](https://github.com/rust-random/rand/issues/699)).

This crate depends on [rand_core](https://crates.io/crates/rand_core) and is
part of the [Rand project](https://github.com/rust-random/rand).

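Review bot: the new README warning uses "not suited" while the struct-level doc added in lib.rs says "not suitable"; pick one wording and use it in all three places (README, crate doc, struct doc) so the message is identical wherever a user first meets the type. The README sentence is good as is, and linking the discussion issue directly here is the right choice since README renders outside rustdoc where the `[discussion]` reference style would not resolve.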
15 changes: 8 additions & 7 deletions rand_jitter/src/lib.rs
Expand Up @@ -14,6 +14,9 @@

//! Non-physical true random number generator based on timing jitter.
//!
//! Note that this RNG is not suited for use cases where cryptographic security is
//! required (also see this [discussion]).
//!
//! This is a true random number generator, as opposed to pseudo-random
//! generators. Random numbers generated by `JitterRng` can be seen as fresh
//! entropy. A consequence is that it is orders of magnitude slower than `OsRng`
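Review bot: the new warning on lines 3 and 4 of this hunk is immediately followed by the unchanged claim that output "can be seen as fresh entropy", which a reader is likely to take as an endorsement for seeding; consider qualifying that sentence (for example, that the entropy estimate is heuristic and has not been validated for cryptographic use) or moving the warning after it, so the two paragraphs do not read as contradicting each other.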
Expand All @@ -24,9 +27,6 @@
//! indistinguishable, and a cryptographic PRNG should also be as impossible to
//! predict.
//!
//! Use of `JitterRng` is recommended for initializing cryptographic PRNGs when
//! `OsRng` is not available.
//!
//! `JitterRng` can be used without the standard library, but not conveniently,
//! you must provide a high-precision timer and carefully have to follow the
//! instructions of [`JitterRng::new_with_timer`].
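Review bot: dropping the "recommended for initializing cryptographic PRNGs when `OsRng` is not available" sentence is the right call, but the doc now gives no guidance for the `OsRng`-unavailable case it used to address; a short sentence stating that users should seek a platform entropy source and that `JitterRng` is not a substitute would stop readers from inferring the old recommendation from the surrounding text, which still compares the generator's output to a "cryptographic PRNG".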
Expand All @@ -39,6 +39,7 @@
//! with disabled `std` feature.
//!
//! [Jitterentropy]: http://www.chronox.de/jent.html
//! [discussion]: https://github.com/rust-random/rand/issues/699

#![doc(html_logo_url = "https://www.rust-lang.org/logos/rust-logo-128x128-blk.png",
html_favicon_url = "https://www.rust-lang.org/favicon.ico",
Expand Down Expand Up @@ -81,7 +82,7 @@ doc_comment!(include_str!("../README.md"));
mod platform;
mod error;

use rand_core::{RngCore, CryptoRng, Error, impls};
use rand_core::{RngCore, Error, impls};
pub use error::TimerError;

use core::{fmt, mem, ptr};
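Review bot: removing `CryptoRng` from the `use rand_core::{...}` list is consistent with dropping `impl CryptoRng for JitterRng` at the end of this file; please confirm no other reference to `CryptoRng` remains in the crate (tests, examples, feature-gated modules) and that the crate still builds both with and without the `std` feature, since an unused-import warning would have masked a leftover use until now.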
Expand All @@ -97,6 +98,9 @@ const MEMORY_SIZE: usize = MEMORY_BLOCKS * MEMORY_BLOCKSIZE;

/// A true random number generator based on jitter in the CPU execution time,
/// and jitter in memory access time.
///
/// Note that this RNG is not suitable for use cases where cryptographic
/// security is required.
pub struct JitterRng {
data: u64, // Actual random number
// Number of rounds to run the entropy collector per 64 bits
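Review bot: the struct-level note added here says "not suitable" and omits the link, whereas the crate-level doc says "not suited" and points to the discussion; since this doc comment is what rustdoc shows on the `JitterRng` type itself, make it match the crate doc and add the same `[discussion]` reference (the link definition already exists at the bottom of the crate doc, but intra-item references need their own definition or an explicit URL here).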
Expand Down Expand Up @@ -724,6 +728,3 @@ impl RngCore for JitterRng {
Ok(self.fill_bytes(dest))
}
}

impl CryptoRng for JitterRng {}
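Review bot: removing `impl CryptoRng for JitterRng` is a breaking API change: any downstream code that passes a `JitterRng` where an `R: CryptoRng` bound is required (for example to seed another generator) will stop compiling. That is the intended outcome, but it should be recorded in the changelog and shipped in a semver-incompatible release of `rand_jitter`, with the discussion issue linked so affected users understand why the marker was withdrawn.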