New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide an API to gather entropy to be used in cryptography #15064
Comments
The following Dart program reads random bits from /dev/random, and prints them: import 'dart:io'; main() { I think this is sufficient, and if there is another random source only available through a native call, then a native extension can be written. So I would suggest closing this issue as "NotPlanned" or "WorkingAsIntended". As an aside, I think cryptography should be done using native cryptography libraries where possible, especially OS-provided capabilities, or using supported packages. Removed Type-Defect, Priority-Unassigned labels. |
This comment was originally written by izaer...@gmail.com The proposed code does not work client-side. Nor do native libraries. Writing crypto code in Dart is not wrong. It depends on many considerations and the specific scenario. For example: -How much you trust your underlying operating system/browser crypto APIs. There are already implementations of crypto in Javascript because they are needed in some specific scenarios (for an example look at Lastpass service). Why not in Dart? Having a language/platform where it is impossible to run crypto algorithms in version 1.0 does not seem very useful in my opinion. Said that, I understand the need for native solutions to achieve good performance. But crypto is not only about performance, there are more thinks to take into account. |
Removed Priority-Low, Area-IO labels. |
The ideal would be to expose the cryptographic primitives of browsers. This should include the random-generator. Most users would use the provided functionality, but others could build on top of the source. This doesn't have high priority now, though. |
This comment was originally written by iza...@gmail.com Seems like there's some ongoing work to standardize crypto in JS: http://www.w3.org/TR/WebCryptoAPI/ |
This comment was originally written by @stevenroose Any update on this? As I'm porting a Bitcoin library to Dart, having strong randomness is crucial for security, so I'd really appreciate native support for this that works both in the DVM as with dart2js. |
This is a duplicate of issue #1746 . The support comes from the embedder, so it will be in dart:io in the standalone vm, and in dart:html in the browser. It is already supported in dart:html Crypto.getRandomValues, so we just need dart:io support. Providing more cryptographic operations, beyond the secure RNG, is now the job of package:crypto, at https://github.com/dart-lang/crypto |
See also #1746 |
This issue was originally filed by izaera...@gmail.com
Just so that we can one day implement true random number generators and full cryptography, we need some API to access things like /dev/random to gather true random bits.
Thanks ;-P.
The text was updated successfully, but these errors were encountered: