Conversation
pitdicker
left a comment
pitdicker
left a comment
There was a problem hiding this comment.
Looks like a good improvement to me.
Still, it it said that having an example in the readme is good practise.
| comprising `RngCore` support for `Box<R>` types where `R: RngCore`, as well as | ||
| extensions to the `Error` type's functionality. | ||
|
|
||
| Due to a bug in Cargo, `rand_core` is built without `std` support by default. |
There was a problem hiding this comment.
This sounds a bit negative. Can you say "Due to {issue-number}"?
There was a problem hiding this comment.
It was intended to be, and it's documented in Cargo.toml.
Maybe some day Cargo will have a lot less rough edges. I guess a flexible build/packaging tool turned out to be a considerably more complex than was initially envisaged. For now it still feels like a quick hack in many ways.
|
Added another commit with a lot of new library level documentation. I'm considering moving or removing the big examples at the end of the library documentation; they're good but it's just too much doc in one place. Thoughts? |
pitdicker
left a comment
pitdicker
left a comment
There was a problem hiding this comment.
Very nice improvements!
I'm considering moving or removing the big examples at the end of the library documentation; they're good but it's just too much doc in one place.
One of my wishes 😄.
It is nice documentation, but just too much in the wrong place. Is it possible to move it to a separate file?
src/lib.rs
Outdated
| //! much smaller state and faster initialisation while its disadvantage is | ||
| //! that it may be easy for an attacker to predict; actual performance varies). | ||
| //! These can be seeded from a parent generator (`SeedableRng::thread_rng`) or | ||
| //! with fresh entropy using `NewRng`: |
src/lib.rs
Outdated
| //! `thread_rng` and potentially much slower if `EntropyRng` must fall back to | ||
| //! `JitterRng` as a source. | ||
| //! | ||
| //! It is also common to use an algorithmic generator in local memory; for |
There was a problem hiding this comment.
I think it is better to have this one as the second paragraph, and to reword a bit.
It is also quite common, and can have advantages, to use an algorithmic generator in local memory.
StdRng and SmallRng provide to generators selected for common use. StdRng can be recommended for all uses, the main advantages of SmallRng are much smaller state and faster initialisation while its disadvantage is that it may be easy for an attacker to predict; actual performance varies.
...
There was a problem hiding this comment.
I don't want to make the doc too long however — I'll try to find a compromise.
| //! | ||
| //! | ||
| //! In case one wants specifically to have a reproducible stream of "random" | ||
| //! data (e.g. to procedurally generate a game world), select a named algorithm |
There was a problem hiding this comment.
Do you want to link to the prng module here?
src/lib.rs
Outdated
| //! data (e.g. to procedurally generate a game world), select a named algorithm | ||
| //! (i.e. not `StdRng`/`SmallRng` which may be adjusted in the future), and | ||
| //! use `SeedableRng::from_seed`. Some generators provide additional | ||
| //! constructors suitable for some applications, e.g. `IsaacRng::new_from_u64`. |
There was a problem hiding this comment.
Mostly unrelated though: most RNGs now have a new_unseeded method. They are a thorn in my eye 😄. Should we deprecate them with 0.5?
There was a problem hiding this comment.
I think that was originally the plan but got forgotten? Sure, why not.
| //! | ||
| //! The `seq` module has a few tools applicable to sliceable or iterable data. | ||
| //! | ||
| //! # Cryptographic security |
There was a problem hiding this comment.
Your new paragraphs are a good improvement, but I don't like it completely yet. It reads as very serious (can be a good thing), but Rand is not really a library for cryptography. I would mostly point away the responsibility to specialized crates, when one wants to start using an RNG for encrypting and stuff.
What I would like to see somewhere (just noting from my lazy chair) is that for many algorithms and situations it is good to be unpredictable. That is what I see as the reason for including CSPRNGs. We should make it that they are not only a good idea for some corner of problems, but are a good choice for many situations that are seemingly security-unrelated. Most things that are somehow using an RNG in a situation that can be influenced by users, do well using one. One example is the standard library's HashMap, another something like random-pivot quicksort from the PCG blog.
There was a problem hiding this comment.
Rand is not intended to be used for encryption directly (although there isn't much reason various generators couldn't be used as stream ciphers; just initialisation isn't standard), but I think Rand should be usable as a source of secrets — with caveats that (for now at least) the code hasn't had proper expert review and that currently we have limited means to mitigate side-channel attacks (which may or may not be improved upon).
There was a problem hiding this comment.
BTW while this isn't intent to be a guide to cryptography I feel there are so many myths surrounding cryptography that it is worth trying to put people straight (e.g. distrust of CSPRNGs; the bigger problem is usually user-space PRNGs or poorly seeded PRNGs).
| /// `/dev/random` is not better than `/dev/urandom` in most cases. However, | ||
| /// this means that `/dev/urandom` can yield somewhat predictable randomness | ||
| /// if the entropy pool is very small, such as immediately after first | ||
| /// booting. Linux 3.17 added the `getrandom(2)` system call which solves |
There was a problem hiding this comment.
Maybe we should say a little less here, I am not sure this description is entirely up-to-date. Maybe we should just say that that the quality difference between /dev/random and /dev/urandom is a myth or at least outdated information. Making this a very short paragraph, as an addition to the list of system interfaces used.
There was a problem hiding this comment.
It's also about getrandom; I did consider just referring to the man page. It's just a cut-and-paste.
Better doc of features in both crates. Update version req to 0.5.0-pre.0. More updates are needed for final 0.5.
|
Updated (rebased + 1 new commit). I'm not sure what to do with the doc on Edit: still need to link stuff on that lib doc. |
Note: links are predictive. Unfortunately example code is not included in generated documentation, so we must link to the repo.
This uses relative paths between crates which works fine with locally-generated documentation and should also with this: https://rust-lang-nursery.github.io/rand/rand/index.html
|
I extracted the examples and fixed links, plus a couple of trivial fixes. |
|
Keeps getting better. Adding links was one of the things I wanted to suggest, but you did so already 👍. But I think you are not completely done with making changes, right? |
|
What makes you say that? I don't know what to do with the |
|
I did not mean to say that you should change any more things, more that that was the impression I got. If it is up to me I'd say this is good to merge. Shall I try to take a stab at the documentation for To be honest I would like to see the change I suggested in #328 (comment). As a crate in the nursery, let's not sound to critical... |
|
No, I haven't any more changes. Go ahead and add your changes on top of this, or merge first if you like. |
2 participants
Better doc of features in both crates.
Update version req to 0.5.0-pre.0. More updates are needed for final 0.5.