From 07e52b91ddfa137b579cea443f94fe709dc00d24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Rica=20Pais=20da=20Silva?=
Date: Sat, 30 Nov 2024 11:44:33 +0100
Subject: [PATCH] chore: Prepare bevy v0.15 release (#31)
---
 Cargo.toml | 6 +++---
 README.md | 4 +++-
 tutorial/01-choosing-prng.md | 4 ++--
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index f13deb2..ef186e4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,9 +11,9 @@ version = "0.8.0"
 rust-version = "1.76.0"
 
 [workspace.dependencies]
-bevy_app = { version = "0.15.0-rc.3" }
-bevy_ecs = { version = "0.15.0-rc.3" }
-bevy_reflect = { version = "0.15.0-rc.3", default-features = false }
+bevy_app = { version = "0.15.0" }
+bevy_ecs = { version = "0.15.0" }
+bevy_reflect = { version = "0.15.0", default-features = false }
 serde = "1"
 serde_derive = "1"
 rand_core = { version = "0.6", features = ["std"] }
diff --git a/README.md b/README.md
index dfb2bd6..032118d 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,9 @@ bevy_rand = "0.8"
 bevy_prng = { version = "0.8", features = ["rand_chacha", "wyrand"] }
 ```
 
-The summary of what RNG algorithm to choose is: pick `wyrand` for almost all cases as it is faster and more portable than other algorithms. For cases where you need the extra assurance of entropy quality (for security, etc), then use `rand_chacha`. For more information, [go here](https://docs.rs/bevy_rand/latest/bevy_rand/tutorial/ch01_choosing_prng/index.html).
+The summary of what RNG algorithm to choose is: pick `wyrand` for almost all cases as it is faster and more portable than other algorithms. For cases where you need the extra assurance of entropy quality (as in, better and much less predictable 'randomness', etc), then use `rand_chacha`. For more information, [go here](https://docs.rs/bevy_rand/latest/bevy_rand/tutorial/ch01_choosing_prng/index.html).
+
+DO **NOT** use `bevy_rand` for actual security purposes, as this requires much more careful consideration and properly vetted crates designed for cryptography. A good starting point would be to look at [RustCrypto](https://github.com/RustCrypto) and go from there.
 
 ### Registering a PRNG for use with Bevy Rand
 
diff --git a/tutorial/01-choosing-prng.md b/tutorial/01-choosing-prng.md
index 5179ff1..9538312 100644
--- a/tutorial/01-choosing-prng.md
+++ b/tutorial/01-choosing-prng.md
@@ -73,6 +73,6 @@ Trying to use PRNGs directly as resources/components from the `rand_*` crates is ## Factors for selecting a PRNG algorithm -As a whole, which algorithm should be used/selected is dependent on a range of factors. Cryptographically Secure PRNGs (CSPRNGs) produce very hard to predict output (very high quality entropy), but in general are slow. The ChaCha algorithm can be sped up by using versions with less rounds (iterations of the algorithm), but this in turn reduces the quality of the output (making it easier to predict). However, `ChaCha8Rng` is still far stronger than what is feasible to be attacked, and is considerably faster as a source of entropy than the full `ChaCha20Rng`. `rand` uses `ChaCha12Rng` as a balance between security/quality of output and speed for its `StdRng`. CSPRNGs are important for cases when you _really_ don't want your output to be predictable and you need that extra level of assurance, such as doing any cryptography/authentication/security tasks. +As a whole, which algorithm should be used/selected is dependent on a range of factors. Cryptographically Secure PRNGs (CSPRNGs) produce very hard to predict output (very high quality entropy), but in general are slow. The ChaCha algorithm can be sped up by using versions with less rounds (iterations of the algorithm), but this in turn reduces the quality of the output (making it easier to predict), or by compiling with CPU features enabled such as SIMD (AVX2 support in particular). However, `ChaCha8Rng` is still far stronger than what is feasible to be attacked, and is considerably faster as a source of entropy than the full `ChaCha20Rng`. `rand` uses `ChaCha12Rng` as a balance between security/quality of output and speed for its `StdRng`. CSPRNGs are important for cases when you _really_ don't want your output to be predictable and you need that extra level of assurance, such as doing any cryptography/authentication/security tasks. 
Do note however, `rand` is not intended to be a cryptography crate, nor used for cryptography purposes, and that should be delegated towards crates designed for that purpose. -If that extra level of security is not necessary (which will be most cases within a game), but there is still need for extra speed while maintaining good enough randomness, other PRNG algorithms exist for this purpose. These algorithms still try to output as high quality entropy as possible, but the level of entropy is not enough for cryptographic purposes. These algorithms should **never be used in situations that demand security**. Algorithms like `WyRand` and `Xoshiro256StarStar` are tuned for maximum throughput, while still possessing _good enough_ entropy for use as a source of randomness for non-security purposes. It still matters that the output is not predictable, but not to the same extent as CSPRNGs are required to be. PRNGs like `WyRand` also have small state sizes, which makes them take less memory per instance compared to CSPRNGs like `ChaCha8Rng`. +If that extra level of randomness is not necessary (which will be most cases within a game), but there is still need for extra speed while maintaining good enough randomness, other PRNG algorithms exist for this purpose. These algorithms still try to output as high quality entropy as possible, but the level of entropy is not enough for cryptographic purposes. These algorithms should **never be used in situations that demand security**. Algorithms like `WyRand` and `Xoshiro256StarStar` are tuned for maximum throughput, while still possessing _good enough_ entropy for use as a source of randomness for non-security purposes. It still matters that the output is not predictable, but not to the same extent as CSPRNGs are required to be. PRNGs like `WyRand` also have small state sizes, which makes them take less memory per instance compared to CSPRNGs like `ChaCha8Rng`.