
(Please forgive me if you received multiple copies of this e-mail.)

Hello,

The nonce package [1] contains functions to easily generate cryptographic nonces for many situations. Some places where these generated nonces can be used include:

- Password recovery e-mail tokens.
- XSRF protection tokens.
- Session IDs sent on cookies.
- Initialization vectors.

It uses an AES CPRNG periodically reseeded from /dev/urandom (or equivalent). It has no frills, no knobs, so it's hard to misuse. It's been available for a year but I just realized I've never properly announced it.

Regrettably, I've seen many uses of the random package (System.Random) when generating nonces. It's a bad choice: it is not a cryptographically secure PRNG, contains low entropy (64-bit state), and its default usage is seeded predictably (using a constant seed). Please avoid using the random package for generating nonces at all costs. In its stead, use the nonce package or something similar.

Cheers,

[1] http://hackage.haskell.org/package/nonce

-- Felipe.

Looks useful; feature request: something like

    nonce :: MonadIO m => Int -> Generator -> m ByteString

(plus -url and -T flavors, obviously). I believe allowing the programmer to balance security vs. usability demands would be a good thing overall and worth a knob.

On Fri, May 22, 2015 at 08:06:18PM -0300, Felipe Lessa wrote:
-- Tobias Dammers - tdammers@gmail.com

Hi, Felipe! Thank you for sharing!

The one question I have: is there some good way to generate unique nonces?

Sat, 23 May 2015 at 22:01, Tobias Dammers:

Also, is it good to make a new generator in the function which produces a nonce? E.g.

    generateNonce :: forall (m :: * -> *). (MonadIO m, Functor m) => m Text
    generateNonce =
      do g <- new
         nonce128urlT g

Sun, 7 June 2015 at 13:26, Geraldus:

On 07-06-2015 06:44, Geraldus wrote:
> Sun, 7 June 2015 at 13:26, Geraldus <heraldhoi@gmail.com>:
>> Hi, Felipe! Thank you for sharing!
>>
>> The one question I have: is there some good way to generate unique nonces?

Nonces generated by the nonce package are always unique. If not, there's a huge bug, or your /dev/urandom is broken.

> Also, is it good to make a new generator in the function which produces a nonce? E.g.
>
>     generateNonce :: forall (m :: * -> *). (MonadIO m, Functor m) => m Text
>     generateNonce =
>       do g <- new
>          nonce128urlT g

You will not shoot yourself in the foot security-wise. You are not able to distinguish a sequence of nonces generated by

    replicateM n (new >>= nonce128urlT)

vs

    new >>= replicateM n . nonce128urlT

However, 'new' is a _very_ expensive function. Your generateNonce function will have abysmal performance (and so will the first example above). Please avoid creating many generators.

Cheers,

-- Felipe.
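The two forms compared in the reply above, timed side by side and checked for duplicates. This is an added example, not code from the thread or from the nonce package; it assumes the nonce, text and containers packages are installed, and `timed` and `report` are hypothetical helper names.

```haskell
module Main (main) where

import           Control.Exception (evaluate)
import           Control.Monad     (replicateM)
import qualified Crypto.Nonce      as Nonce   -- the nonce package
import qualified Data.Set          as Set
import           Data.Text         (Text)
import           GHC.Clock         (getMonotonicTime)
import           Text.Printf       (printf)

-- Run an action that yields a batch of nonces. Returns the number of
-- distinct values in the batch and the elapsed wall-clock seconds.
-- Building the Set forces every nonce, so laziness cannot hide the cost.
timed :: IO [Text] -> IO (Int, Double)
timed act = do
  t0       <- getMonotonicTime
  distinct <- evaluate . Set.size . Set.fromList =<< act
  t1       <- getMonotonicTime
  pure (distinct, t1 - t0)

-- Print one result line: label, distinct/total, elapsed time.
report :: String -> Int -> Int -> Double -> IO ()
report label distinct total secs =
  printf "%s: %d/%d distinct, %.4f s\n" label distinct total secs

main :: IO ()
main = do
  let n = 500

  -- A fresh generator for every nonce: 'new' runs n times.
  (dPer, tPer) <-
    timed (replicateM n (Nonce.new >>= Nonce.nonce128urlT))

  -- One generator for the whole batch: 'new' runs once.
  (dShared, tShared) <-
    timed (Nonce.new >>= replicateM n . Nonce.nonce128urlT)

  report "new generator per nonce" dPer    n tPer
  report "one shared generator   " dShared n tShared
```

In an application, the shared form corresponds to calling `new` once at startup and passing the resulting generator to every handler that issues tokens.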
participants (3)
- Felipe Lessa
- Geraldus
- Tobias Dammers