-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor(tools/rand): speed up random string generation, take 2 #13186
Conversation
7eb5775
to
5425292
Compare
7b1a440
to
6a51707
Compare
left my comment in the old PR for archive purpose, but also posting here #13150 (comment) Edit (by @bungle) copying it here: I'm not referring the openssl rand_bytes vs. /dev/urandom is securer or weaker, but it depends on our usage. We have to use math.rand to map extra character range +, /, thus the output is a mix of cryptographic secure source and non cryptographic secure source. In our code, we have places we just need random strings, thus it doesn't have to be CSPRNG. We can just use math.random to generate fast and non cryptographic secure random strings. So I'm just suggesting to have a pure lua math.rand flavor and a openssl rand bytes variant (no encode_base64, just use to_hex) to random_string. Something like random_string(non_csprng) and default to generate CSPRNG, and can fallback to fast math.random if need high performance (for example, generate trace IDs). |
Yes, the return v4_uuid():gsub("-", "") I think original idea was to make it more secure because there was issues reported because of above (the same issue is with the proposed math.rand as is it almost the same).
Right but original commit definitely wanted to make it harder for reason, this is the commit:
We originally had almost the pure math.rand flavor, which the commit referenced above wanted to change for reason. I think this is out of scope of this work. We can have separate PR for that, and also discuss should we have variable length ones in separate PR. The code here does not change things. It speeds it up. The to_hex effectively cuts the random string entropy to half. With wider char space like base62 you don't do it as much (e.g. here we almost retain the 192 bits of entropy, not fully in all the cases, but almost - with hex you would need longer output string). I suggest we put better ones in PDK. The better ones could take in account:
In general there are many things to consider. |
### Summary This PR optimizes the `kong.tools.rand.random_string`. Results can be seen in PR that this PR replaces: #13150 (comment) KAG-4673 Signed-off-by: Aapo Talvensaari <[email protected]>
6a51707
to
7d991d2
Compare
Successfully created cherry-pick PR for |
I understand. But the commit reference doesn't actually make it any securer. The usage or base64 + rand mapping we |
### Summary This PR optimizes the `kong.tools.rand.random_string`. Results can be seen in PR that this PR replaces: #13150 (comment) KAG-4673 Signed-off-by: Aapo Talvensaari <[email protected]> (cherry picked from commit 9a215eb)
Summary
This PR optimizes the
kong.tools.rand.random_string
.Results can be seen in PR that this PR replaces:
#13150 (comment)
KAG-4704