On Fri, Jul 07, 2023 at 10:05:50AM +0200, Anton Khirnov wrote:
> Quoting Michael Niedermayer (2023-07-07 02:55:46)
> >
> > The literal wording was
> > "that guarantees either cryptographically secure randomness or an error."
> >
> > that was what I referred to.
> >
> > the wording used now:
> > "to the best of our ability, and that of the underlying libraries we rely on) cryptographically secure."
> >
> > is perfectly fine with me.
> > I would have the same issue if someone said AES guarantees ...
>
> IMO the two formulations are equivalent whenever it comes to practical
> computing. An algorithm can be mathematically proven to be sound*, but
> any practical computing scheme on actual hardware is always subject to
> software bugs, system misconfiguration, hardware bugs, hardware failure,
> etc.
>
> We use similar wording in other documentation, where e.g. we might
> guarantee that some function returns a NULL-terminated string or so.
> That guarantee is always under the implicit condition that there are no
> bugs and the code runs in the expected environment. The same
> considerations apply here.

There's a big difference between a bug in our implementation
and us claiming some cryptographic primitive is secure.

It was said previously that we shouldn't do things we lack the expertise on
and rather delegate to cryptographic libraries written and audited by experts.
(where it matters for security not just for playback)
But claiming CSPRNG or AES or anything else is guaranteed secure is exactly
such a claim that is not within our expertise.

If you claim your code produces a null terminated string then I believe you
(within the bounds you mentioned) but if you tell me AES will always be secure
I won't believe you that unless you have the mathematical proofs to back that up
(and I read and understood them).

Now all that flawlessness with security primitives from proper security libs
and stuff needs to be taken with a grain of salt too.
Just 4 months ago I found 2 issues with the random number generator in the
hardware password manager that I use.

So yeah maybe people feel I am too nitpicky here but honestly I'd rather be
nitpicky on security stuff

thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If you fake or manipulate statistics in a paper in physics you will never
get a job again.
If you fake or manipulate statistics in a paper in medicine you will get
a job for life at the pharma industry.