> On Oct 4, 2017, at 7:07 PM, Xiaodi Wu <[email protected]> wrote: > > On Wed, Oct 4, 2017 at 20:32 Chris Lattner <[email protected] > <mailto:[email protected]>> wrote: > FWIW, I agree with Ben here: if the true cryptographically secure random > numbers force this complexity onto users, then we should settle for something > close but not quite that bulletproof. > > As long as it's a conscious design choice, that's potentially fine. My > purpose in raising this issue is to point out that there is a choice to be > made. Another consideration is that, if primitives such as Int.random() > silently degrade, they cannot be the basis upon which more sophisticated > secure APIs are built.
Understood - and please keep in mind that I am not a random number expert. :-) I think that the default Int.random() sorts of functions should provide an abstraction that never fails. Forcing failure onto clients will cause more bugs than it will prevent IMO (and it sounds like Ben is aligned on that as well). I suspect that folks who truly need verifiably cryptographically secure RNG’s will also have other requirements which would lead to them not wanting to use a “Int.random()” style interface anyway, so it is fine to push that complexity down to the more power-user API. -Chris
_______________________________________________ swift-evolution mailing list [email protected] https://lists.swift.org/mailman/listinfo/swift-evolution
