Re: Deprecating fromIntegral

-1 from me, massive work to overhaul the ecosystem. Maybe a haddock comment first?

On Aug 7, 2020, at 10:08 PM, Niklas Hambüchen via Libraries wrote:

Today I found another big bug caused by `fromIntegral`:

https://github.com/haskell-crypto/cryptonite/issues/330

Incorrect hashes for all hash algorithms beyond 4 GiB of input. SHA hash collisions in my productions system.

Restating what I said there:

* Until we deprecate fromIntegral, Haskell code will always be subtly wrong and never be secure. * If we don't fix this, people will shy away from using Haskell for serious work (or learn it the hard way). Rust and C both do this better. * If the authors of key crypto libraries fall for these traps (no blame on them), who can get it right? We should remove the traps.

The wrong code,

hashInternalUpdate ctx d (fromIntegral $ B.length b)

exists because it simply does not look like wrong code. In contrast,

hashInternalUpdate ctx d (fromIntegralWrapping $ B.length b)

does look like wrong code and would make anyone scrolling by suspicious.

We can look away while continuing to claim that Haskell is a high-correctness language, or fix stuff like this and make it one. _______________________________________________ Libraries mailing list Libraries@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries