Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/technion/use_urandom

A Ruby gem that patches SecureRandom to use /dev/urandom
https://github.com/technion/use_urandom

Last synced: about 2 months ago
JSON representation

A Ruby gem that patches SecureRandom to use /dev/urandom

Host: GitHub
URL: https://github.com/technion/use_urandom
Owner: technion
License: mit
Created: 2016-05-04T04:09:54.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2018-01-16T08:40:31.000Z (almost 7 years ago)
Last Synced: 2024-10-31T14:27:45.972Z (2 months ago)
Language: Ruby
Homepage:
Size: 8.79 KB
Stars: 2
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

README

# UseUrandom
Turns out, Ruby's SecureRandom makes some poor design decisions.
This gem monkey patches SecureRandom to use /dev/urandom.

# UPDATE

This Gem is largely pointless now that modern versions of Ruby use a secure entry source.

See this bug: https://bugs.ruby-lang.org/issues/9569

## FAQ
### Why write this and what is wrong with SecureRandom?
There are a lot of material involved in answering this, but the best starting point is [this HN thread, from which this gem was inspired](https://news.ycombinator.com/item?id=11624890)
### What about Random.raw_seed?
The purpose of this gem, as per the name, is to use /dev/urandom. That function takes several code paths, one possibility of which, is reading /dev/urandom. raw_seed() meanwhile, is written in C, and packed with #define's that control flow. I don't intend on auditing it line by line, and the fact this gem is necessary reduces needed limits my confidence in it.
### But my server will run out of entropy!
If you truly believe that, don't use this gem. Definitely don't open an issue demonstrating ignorance.

## Usage

This gem is in the super pre-alpha stage and shouldn't be used.
Just require it in your application:

```ruby
require 'use_urandom'
```

Any calls to SecureRandom will automatically get redirected to a read on /dev/urandom. Any failures get pushed back to the original code, with a warning raised.

## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/technion/use_urandom.

## License

The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).