[swift-users] Sampling collections

Milos Rankovic milos at milos-and-slavica.net
Sun Apr 10 20:46:17 CDT 2016


> On 11 Apr 2016, at 02:17, Jens Alfke <jens at mooseyard.com> wrote:
> 
> I’d argue that “random” is a broad concept with several possible implementations. Which RNG does `sample` use? Pick a cryptographic one and it might be too slow for some use cases; pick a fast one and it'd be insufficiently random, making it dangerous to use for anything related to security.

And yet we have `arc4random` family of functions which most people use in the kind of scenarios I refer to. The security argument is important, but I feel we sometimes reach for it too quickly. Just how will NOT implementing sampling on collections prevent someone from basing their security strategy on arc4 algorithm. Consider how indicative of their work would that be; how many more glaring security holes are they likely to leave! And are we saying that the obscure path to this algorithm somewhere inside `Darwin` is a virtue? Protecting the uninitiated from a dangerous technology?

I’m sorry we are spending so much time discussing why this may be difficult for *someone* (because it likely won’t be us) to implement. The fact is that random bits will have to come from the frameworks beyond Standard Library, but if there is will, I cannot imagine it would be too difficult to bring them to bear on the core datatypes and protocols. My question was always if there is such will; if people would like the feature to be there competently implemented and vetted by the community…

milos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-users/attachments/20160411/c5ec6083/attachment.html>


More information about the swift-users mailing list