Merge PR #24

2024-10-04 07:50:45 +03:00 · 2023-11-10 09:27:34 +09:00 · 2023-11-10 09:27:34 +09:00 · aac5e5a79d
commit aac5e5a79d
parent 54bc6df379 c18b7d2dcc
1 changed files with 8 additions and 1 deletions
--- a/Crypto/Random.hs
+++ b/Crypto/Random.hs
@ -37,6 +37,7 @@ import Crypto.Random.SystemDRG
 import Data.ByteArray (ByteArray, ByteArrayAccess, ScrubbedBytes)
 import qualified Data.ByteArray as B
 import Crypto.Internal.Imports
+import Crypto.Hash (Digest, SHA512, hash)

 import qualified Crypto.Number.Serialize as Serialize

@ -49,7 +50,13 @@ seedLength = 40

 -- | Create a new Seed from system entropy
 seedNew :: MonadRandom randomly => randomly Seed
-seedNew = Seed `fmap` getRandomBytes seedLength
+-- The degree of its randomness depends on the source, e.g. for iOS we
+-- have to compile with DoNotUseEntropy flag, as iOS doesn't allow
+-- using getentropy, and on some other systems it can be also
+-- potentially comprisable sources. Hashing of entropy before using
+-- it as a seed is a common mitigation for attacks via RNG/entropy
+-- source.
+seedNew = (Seed . B.take seedLength . B.convert . (hash :: ScrubbedBytes -> Digest SHA512)) `fmap` getRandomBytes 64

 -- | Convert a Seed to an integer
 seedToInteger :: Seed -> Integer