From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail4-relais-sop.national.inria.fr (mail4-relais-sop.national.inria.fr [192.134.164.105]) by walapai.inria.fr (8.13.6/8.13.6) with ESMTP id q029Z8dL005622 for ; Mon, 2 Jan 2012 10:35:08 +0100 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArUOAK94AU/RVde2kGdsb2JhbABEggWqSQgiAQEBAQkJDQcUBCGBcgEBAQQSAiwBOAEDDAEFBQsDOB8DEgEFARwGEwgTB59mCo5Qg2uJMAIFC4wEBIxyiBCNfT2BTYIu X-IronPort-AV: E=Sophos;i="4.71,444,1320620400"; d="scan'208";a="125266921" Received: from mail-ey0-f182.google.com ([209.85.215.182]) by mail4-smtp-sop.national.inria.fr with ESMTP/TLS/RC4-SHA; 02 Jan 2012 10:35:03 +0100 Received: by eaaf13 with SMTP id f13so26702017eaa.27 for ; Mon, 02 Jan 2012 01:35:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=YvbgOd9MpabprLfSipMMgUPuHXVUThqJfCOOtdKEaPk=; b=f+HCeeSibR2t/CseSbpZFl/TsBhLYQdtRlSPfPyrKr+ftHO8OQjs39G+CdRWKBE0Nk eRgOFTE8KiAySgf3o2HEYWQrNqgLlooaHJUjFAsUqchLrlfW6IZVXsPe721f33SKY6nL QyXqghoudxxL8qX90Yk6GSutuGlo4WzMmR7nI= Received: by 10.204.145.86 with SMTP id c22mr10677348bkv.61.1325496903165; Mon, 02 Jan 2012 01:35:03 -0800 (PST) MIME-Version: 1.0 Sender: david.mentre@gmail.com Received: by 10.204.71.8 with HTTP; Mon, 2 Jan 2012 01:34:31 -0800 (PST) In-Reply-To: <1325451843.5036.165.camel@samsung> References: <1325263446.5036.104.camel@samsung> <4EFDEF92.3010204@inria.fr> <20120101125212.GB12851@annexia.org> <4F0097E6.2090701@inria.fr> <1325451843.5036.165.camel@samsung> From: David MENTRE Date: Mon, 2 Jan 2012 10:34:31 +0100 X-Google-Sender-Auth: ciwCXUYTCGF6Kza3LAX34PaahRI Message-ID: To: Gerd Stolpmann Cc: Xavier Leroy , caml-list@inria.fr Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by walapai.inria.fr id q029Z8dL005622 Subject: Re: [Caml-list] Hashtbl and security Hello, 2012/1/1 Gerd Stolpmann : > Am Sonntag, den 01.01.2012, 18:29 +0100 schrieb Xavier Leroy: >> On 01/01/2012 01:52 PM, Richard W.M. Jones wrote: [...] >> > It may be worth noting that Perl solved this problem (back in 2003) by >> > unconditionally using a seed which is a global set to a random number >> > during interpreter initialization. >> >> That's how my initial reimplementation of Hashtbl worked, using the >> Random module to produce seeds, but I was told (correctly) that in >> security-sensitive applications it's better to leave the generation of >> random numbers under control of the programmer.  For some applications >> Random.self_init might be good enough and for others stronger >> randomness is needed. >> >> Of course, you can trivially emulate Perl's behavior using the new >> Hashtbl implementation + the Random module. [...] > Nevertheless, Ocaml is now widely used in environments where > a certain minimum of security is demanded, and I think Ocaml should > provide this minimum at least, and use it for things like an > automatically chosen seed for hash tables. I share Gerd's opinion that OCaml should provide a "reasonable default", even if this default my not be enough for applications that need a strong security. Another "solution" would be to flag this API as a potential security issue in the documentation and/or provide a compiler warning to emit a warning if Hashtbl is used without proper initialization. Best regards, david