Use a runtime-rng feature flag instead of using OS detection #82
Conversation
There was a problem hiding this comment.
Wouldn't this be better handled at the getrandom level?
aHash is pulling in getRandom which as a detection that it is on a unix system and if so adds a dependency on libc. (Presumably this for the getrandom system call). However it also supports a fallback if this is not available. It seems like the solution for a linux that lacks libc would be to have getRandom compile to use the fallback and not pull in libc in the first place. This would be more generally useful because it would apply to not only aHash but anything else using getrandom.
|
Does |
|
I am using a completely custom target specified using a json config. I don't think it is reasonable to modify upstream projects to specifically handle my custom target. I would much prefer if this was handled in |
If a source of Randomness is available, it absolutely should be used with Hash brown. |
|
The proper way to express this would be for hashbrown to expose a feature to enable runtime rng which forwards to the ahash feature. |
|
We want the best available source of Randomness to be used. If we reduce it to a flag, then it throws it on the user to set it for their platform. This likely means using a default which is the least common denominator, and trying to persuade people to lookup their platform and enable a better source. I don't like that outcome because the use of aHash is very likely indirect. IE an app depends of a library which in turn uses it. If such a library is to be genetic it cannot make assumptions about the platform, so the app will be unaware and end up getting a poor source of Randomness even though a good one is available. If you are in control of the custom target, you could specify the SYS or the ABI as "none": https://docs.rust-embedded.org/embedonomicon/custom-target.html |
Randomness for a hasher is only useful in the context of HashDoS. Anyone who specifically requires HashDoS-resistance should be using the |
Strong randomness, yes. Weak randomness is always required, but counters etc can provide that.
Yes, agreed. I would like a way to support this for |
|
The |
|
Yes. But how is another library supposed to use it? If some other hashMap library does want randomness this PR forces those libraries to either be like hashbrown and not provide DOS protection or have their builds fail on platforms where random is not available. I'm not even sure it really solves the original problem particularly well. The root of the issue is that aHash is using in it's config.toml and you are running on a unix without a If instead we address the root issue and in There was a proposed PR to do exactly this: rust-random/getrandom#127 |
If another library actually guarantees DoS protection then it should require either runtime or compile-time RNG.
It does solve the problem: it is common in
That won't work: you would need to use either |
Libraries don't know how they are going to be used. Because something isn't available on a custom target, doesn't mean it should be disabled when it is available. The only reason Above I mentioned "target_env". Per the list here: https://doc.rust-lang.org/nightly/rustc/platform-support.html |
|
FYI, you may be interested in an alternative solution in #97. |
|
Changing merge target to |
Co-authored-by: bl-ue <[email protected]>
* Use a runtime-rng feature flag instead of using OS detection (#82) * Use cfg-if to simplify conditions * Require rng for RandomState::default and new. * Don't use runtime rng when fuzzing * Add support for hash_one Signed-off-by: Tom Kaitchuck <[email protected]> Co-authored-by: Amanieu d'Antras <[email protected]> Co-authored-by: bl-ue <[email protected]>
The current OS detection is breaking my code which uses a custom linux target that doesn't have a libc.
ahashshould have zero dependencies when built withdefault-features = false.