Hammerspoon: Add more cryptographically secure random number generator
As discussed in https://github.com/Hammerspoon/Spoons/issues/145 - @psifertex writes:
The current PasswordGenerator spoon uses Lua's math.rand seeded with os.time which is very cryptographically insecure. TL;DR randomness is hard and a plugin with the goal of generating passwords should either be very, very well vetted or (better!) just use an existing library that's known to have solid cryptographic properties.
One possible solution?
#include <stdlib.h>
// ...
// ...
int r = arc4random_uniform(74);
Another solution might be SecRandomCopyBytes?
Although I do note that Lua 5.4 will have a "new implementation for math.random", but there's no release date yet - it's also not clear from the WIP documentation as to whether or not it'll be cryptographically secure.
latenitefilms
All 9 comments
Maybe something like this to match the syntax of math.random()?
--- hs.random([lower], [upper]) -> integer
--- Functions
--- Generates a cryptographic pseudo-random number.
---
--- Parameters:
--- * `lower` - An optional value for the lowest value the random number can be. An upper value must also be supplied.
--- * `upper ` - An optional value for the highest value the random number can be. A lower value is optional (i.e if you supply a single parameter, then only `upper` is used, and `lower` defaults to 1.
---
--- Returns:
--- * An integer.
---
--- Notes:
--- * `hs.random()` with no arguments generates a real number between 0 and 1.
--- * `hs.random(upper)` generates integer numbers between 1 and upper (both inclusive).
--- * `hs.random(lower, upper)` generates integer numbers between lower and upper (both inclusive).
--- * Internally, this function uses `arc4random_uniform`.
Internally it could use something like this?
- (NSInteger)randomNumberBetween:(NSInteger)min maxNumber:(NSInteger)max
{
return min + arc4random_uniform((uint32_t)(max - min + 1));
}
math.random also returns a float between [0, 1) when passed no arguments, so I'd prefer it if we supported that case as well; otherwise I see no problem with adding this.
Supporting the no-argument case would also allow people who wanted to do something like math.random = hs.random to force the use of our function when they didn't want to modify existing code.
asmagill
on 23 Dec 2019
@asmagill Great to hear from you! You've been missed!
Yes, my intention with the documentation example in the last post, was to match the functionality of math.random() - you should be able to use it as a direct replacement.
latenitefilms
on 23 Dec 2019
Some medical issues had to be addressed, but I'm hoping to put in some good work on hs.text and hs.[_asm.]axuielement over the next couple of weeks, so hopefully you'll be hearing more from me 馃槣
asmagill
on 23 Dec 2019
@psifertex - I've just added a pull request in #2264. Let me know if this resolves your issue?
latenitefilms
on 23 Dec 2019
Unfortunately I also just landed some code, adding a new hs.math with a couple of random number generating functions in it, but either way, this issue is now addressed IMO :)
cmsj
on 23 Dec 2019
@cmsj - No worries at all! Adding hs.math is a much better idea!
The only thing I will mention is that above @asmagill suggests, that we could replace math.random with this new Hammerspoon math function, which is not possible with your current implementation. Maybe hs.math.random should be added as well which matches the parameters of math.random?
latenitefilms
on 23 Dec 2019
The new arc4 implementation looks good, thanks!
psifertex
on 23 Dec 2019
@cmsj you could probably write a wrapper in the lua code which decides which of your functions to call based upon the parameters passed in, but I do think that having a single function which matches the functionality of math.random is a good idea worth implementing.
asmagill
on 23 Dec 2019
Related issues
latenitefilms
路
3Comments
jiahut
路
3Comments
Pancia
路
4Comments
reestr
路
3Comments
iliyang
路
4Comments