--- Log opened Sat Dec 30 00:00:16 2023
00:53 -!- Guest7282 [~nex8192@user/nex8192] has joined #bitcoin-rust
02:21 -!- Guest7282 [~nex8192@user/nex8192] has left #bitcoin-rust [Error from remote client]
04:50 -!- Guest7282 [~nex8192@user/nex8192] has joined #bitcoin-rust
06:37 -!- Guest7282 [~nex8192@user/nex8192] has left #bitcoin-rust [Error from remote client]
06:54 -!- Guest7282 [~nex8192@user/nex8192] has joined #bitcoin-rust
07:30 < andytoshi> Ademan_: (a) yes, and (b) 'rand' is an off-by-default feature
07:31 < andytoshi> despite being "not a crypto library" rand does have some RNGs which pass through to the OS RNGs, which _are_ cryptographically strong in all major OSes
07:31 < andytoshi> and in cases where they aren't (wasm), rand will refuse to run rather than producing bad randomness
07:32 < andytoshi> rand also has the `CryptoRng` trait, which is a marker trait for RNGs that their authors claim to be cryptographically strong. i believe 'rand' itself only uses this trait for its os rngs
07:39 -!- Guest7282 [~nex8192@user/nex8192] has left #bitcoin-rust [Error from remote client]
07:52 < Ademan> andytoshi: thanks! I'm asking because I was trying to decide how to generate some things, both keys and some session ids, and my first thought was to imitate libsecp (that's usually a pretty safe bet lol). secp uses rand's thread_rng which is chacha12 periodically seeded from the os, it sounds reasonable I guess, any idea what other options there are? I recall during the libbitcoin fiasco there was
07:52 < Ademan> caution against directly using osrng either.
07:56 < andytoshi> i think using thread_rng would be fine. i usually use rand's OsRng. i kinda wish libbitcoinconsensus would expose the RNG that Core uses
07:56 < andytoshi> one thing you can do is, if you have any secret key material already, hash this and feed it into the rng seed
07:58 < andytoshi> if your osrng is compromised from the moment your application starts you're kinda screwed no matter what. you can feed CPU jitter and current time and all that into the rng in the hopes of scraping together a few dozen bits of entropy (which can make the difference between the rng being broken in practice, and not), but this is pretty hard in rust. if i were generating long-duration bitcoin keys
07:58 < andytoshi> holding money i might try to do this
07:59 < andytoshi> DavidVorick was doing something in rust where he was implementing something like this, but i'm not sure if he finished that or published it
08:00 < andytoshi> yeah it's https://github.com/DavidVorick/userspace-rng .... i haven't vetted this other than bouncing high-level ideas off of him on signal
08:00 < Ademan> andytoshi: thanks!
08:00 < Ademan> I should probably check what bdk does too, but I'll bet they just use thread_rng
08:01 < Ademan> it really does seem like a "good enough" answer, I just got spooked
08:01 < andytoshi> yeah, bdk generally doesn't do novel crypto stuff like this
08:01 < andytoshi> Ademan: for sure, good to be careful here!
08:01 < andytoshi> there definitely have been os rng breaks even on mainstream OSes (debian, android)
08:35 -!- thomass [~thomass@ns564364.ip-139-99-209.net] has joined #bitcoin-rust
08:36 < thomass> https://pastebin.com/YJQKYqFd
08:36 -!- thomass [~thomass@ns564364.ip-139-99-209.net] has quit [Client Quit]
08:37 < andytoshi> fyi that's just the "hi i lost my money in ftx scam" spammer, unfortunately in a much harder to filter way
10:37 -!- Guest7282 [~nex8192@user/nex8192] has joined #bitcoin-rust
14:27 -!- lbia [~lbia@user/lbia] has quit [Ping timeout: 245 seconds]
14:28 -!- lbia [~lbia@user/lbia] has joined #bitcoin-rust
14:32 -!- lbia [~lbia@user/lbia] has quit [Max SendQ exceeded]
14:36 -!- lbia [~lbia@user/lbia] has joined #bitcoin-rust
14:53 -!- lbia [~lbia@user/lbia] has quit [Ping timeout: 256 seconds]
14:54 -!- lbia [~lbia@user/lbia] has joined #bitcoin-rust
18:45 -!- Guest7282 [~nex8192@user/nex8192] has left #bitcoin-rust [Error from remote client]
22:34 -!- grndslm [~grndslm@99-144-164-205.lightspeed.jcsnms.sbcglobal.net] has joined #bitcoin-rust
22:50 -!- yellowhatpro [uid556843@id-556843.hampstead.irccloud.com] has joined #bitcoin-rust
--- Log closed Sun Dec 31 00:00:16 2023