On 17 Jan 2010, at 22:08, Chris Anderson wrote:

> On Sun, Jan 17, 2010 at 1:17 PM, Jonathan <[email protected]> wrote:

>> source difficult.  A grep through the CouchDB 0.10.1 source shows that there
>> are 5 actual calls into the crypto library, calling the functions: start/0,
>> sha/1, rand_bytes/1, rand_uniform/2, and sha_mac/2.
>> 
>> I've created a pure-Erlang copy of this API (that attempts to fall back to
>> the crypto library if possible) at http://gist.github.com/279085.  The
>> random stream isn't cryptographically secure of course, but it should work
>> for generating UUIDs...

> I'm +1 on this. The complications are (a) making sure the licensing is
> done correctly. (b) making sure the sha etc are compatible, so passwords
> work across implementations.

Can you folks make sure you spend some serious cycles on having test cases?
Over the years I've been bitten more than once by things like this - where at 
some point later something like a sha1 suddenly was used for a digest or 
similar - and had to be bit-for-bit compatible.

Likewise - you probably want to strongly document each call to the rand_*/2 (in 
the calling code) to warn/document the assumption that what is returned is no 
longer properly* random.

Thanks,

Dw.

*: insert appropriate def of cryptographically unpredictable, etc.
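
A sketch of the kind of test case asked for above, as an added example that is not part of the original message, the gist, or CouchDB: known-answer tests that any module exporting `sha/1` and `sha_mac/2` must pass bit for bit. The module name `crypto_compat_kat` and the function `run/1` are hypothetical; the vectors are the published SHA-1 examples and RFC 2202 HMAC-SHA1 test cases 1 and 2, and the reference adapter assumes a current OTP `crypto` with `hash/2` and `mac/4`.

```erlang
%% Added example, not CouchDB code. Names in this module are hypothetical.
-module(crypto_compat_kat).
-export([run/1, sha/1, sha_mac/2]).

%% Reference adapter over current OTP crypto, so that
%% run(crypto_compat_kat) sanity-checks the vectors themselves.
sha(Data) -> crypto:hash(sha, Data).
sha_mac(Key, Data) -> crypto:mac(hmac, sha, Key, Data).

%% Published SHA-1 example vectors (input, expected hex digest).
sha_vectors() ->
    [{<<>>,      "da39a3ee5e6b4b0d3255bfef95601890afd80709"},
     {<<"abc">>, "a9993e364706816aba3e25717850c26c9cd0d89d"},
     {<<"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq">>,
      "84983e441c3bd26ebaae4aa1f95129e5e54670f1"}].

%% RFC 2202 HMAC-SHA1 test cases 1 and 2 (key, data, expected hex MAC).
mac_vectors() ->
    [{binary:copy(<<16#0b>>, 20), <<"Hi There">>,
      "b617318655057264e28bc0b6fb378c8ef146be00"},
     {<<"Jefe">>, <<"what do ya want for nothing?">>,
      "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"}].

%% Lowercase hex, two digits per byte.
hex(Bin) ->
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bin]).

%% Mod is the implementation under test, called as Mod:sha(Data) and
%% Mod:sha_mac(Key, Data). Returns ok, or {failed, Mismatches} where each
%% mismatch is {Function, Input, ExpectedHex, ActualHex}.
run(Mod) ->
    Sha = [{sha, In, Want, hex(iolist_to_binary(Mod:sha(In)))}
           || {In, Want} <- sha_vectors()],
    Mac = [{sha_mac, {K, D}, Want,
            hex(iolist_to_binary(Mod:sha_mac(K, D)))}
           || {K, D, Want} <- mac_vectors()],
    case [R || {_, _, Want, Got} = R <- Sha ++ Mac, Want =/= Got] of
        []  -> ok;
        Bad -> {failed, Bad}
    end.
```

Running `crypto_compat_kat:run(Mod)` against both the native-backed and the pure-Erlang module, and requiring `ok` from each, covers the case where a stored password hash or digest has to match across implementations.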