[cl-openid-ticket] [cl-openid] #14: secure random number generation

cl-openid cl-openid-devel at common-lisp.net
Sun Jun 5 22:22:40 UTC 2011 

#14: secure random number generation
---------------------------+------------------------------------------------
  Reporter:  mpasternacki  |       Owner:              
      Type:  defect        |      Status:  closed      
  Priority:  major         |   Milestone:              
 Component:  code          |     Version:  1.1 extended
Resolution:  fixed         |    Keywords:              
---------------------------+------------------------------------------------
Changes (by avodonosov):

  * status:  new => closed
  * resolution:  => fixed


Comment:

 The ticket is fixed.

 A library for secure random numbers is implemented:
 https://github.com/avodonosov/secure-random/.

 The current implementation is not pure-lisp, it reuses OpenSSL random
 number generator (via cl+ssl). Pure-lisp library would be better probably,
 but the OpenSSL way was the simpler. Implementing a pure lisp secure
 random number generator not only requires the RNG algorithm coding; the
 most expensive part will be gathering a truly unguessable initial state
 for the generator. OpenSSL does this from a platform specific service,
 like /dev/random, Windows Crypto API, Entropy Gathering Daemon, etc. The
 secure-random interface hides the implementation details, so when (and if)
 it will be reimplemented in lisp, the cl-openid code will not be affected.

 cl-openid already unconditionally depends on cl+ssl via drakma, therefore
 this solution does not add a redundant dependency.

 As of today, secure-random is not on quicklisp. Also it uses the very
 fresh cl+ssl with is also not in quicklisp.

 To trt it just download the secure random snapshot:
 http://github.com/avodonosov/secure-random/tarball/master.

 Then download the cl+ssl snapshot: https://gitorious.org/cl-plus-ssl/cl-
 plus-ssl/archive-tarball/master



 {{{
 (pushnew "<your cl-openid repository>" asdf:*central-registry* :test
 #'equal)
 (pushnew "<your cl+ssl snapshot dir>" asdf:*central-registry* :test
 #'equal)
 (pushnew "<your secure-random snapshot dir>" asdf:*central-registry* :test
 #'equal)

 (ql:quickload :cl-openid)
 }}}

-- 
Ticket URL: <http://trac.common-lisp.net/cl-openid/ticket/14#comment:1>
cl-openid <http://common-lisp.net/project/cl-openid>
cl-openid

More information about the cl-openid-ticket mailing list