[swift-evolution] [Proposal] Random Unification

Chris Lattner clattner at nondot.org
Wed Oct 4 23:09:10 CDT 2017


> On Oct 4, 2017, at 7:07 PM, Xiaodi Wu <xiaodi.wu at gmail.com> wrote:
> 
> On Wed, Oct 4, 2017 at 20:32 Chris Lattner <clattner at nondot.org <mailto:clattner at nondot.org>> wrote:
> FWIW, I agree with Ben here: if the true cryptographically secure random numbers force this complexity onto users, then we should settle for something close but not quite that bulletproof.
> 
> As long as it's a conscious design choice, that's potentially fine. My purpose in raising this issue is to point out that there is a choice to be made. Another consideration is that, if primitives such as Int.random() silently degrade, they cannot be the basis upon which more sophisticated secure APIs are built.

Understood - and please keep in mind that I am not a random number expert. :-)

I think that the default Int.random() sorts of functions should provide an abstraction that never fails.  Forcing failure onto clients will cause more bugs than it will prevent IMO (and it sounds like Ben is aligned on that as well).  I suspect that folks who truly need verifiably cryptographically secure RNG’s will also have other requirements which would lead to them not wanting to use a “Int.random()” style interface anyway, so it is fine to push that complexity down to the more power-user API.

-Chris


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-evolution/attachments/20171004/2f07ed7e/attachment.html>


More information about the swift-evolution mailing list