luau-lang/rfcs
1
0
Fork 0
mirror of https://github.com/luau-lang/rfcs.git synced 2025-05-04 10:43:48 +01:00
Code Issues Projects Releases Packages Wiki Activity
rfcs/docs/function-buffer-random.md

1.5 KiB
Raw Blame History

buffer.random

Summary

Add buffer.random as a function to generate cryptographically secure random bytes.

Motivation

There is no mechanism in Luau for cryptographically secure random bytes, which is a requirement for cryptographic libraries implemented in Luau.

Other scripting languages support mechanisms to achieve this, for example JavaScript's crypto.getRandomValues, Python's secret library, and PHP's random_bytes.

Design

The proposal adds the following standard library function:

buffer.random(b: buffer, offset: number, count: number): ()

Set 'count' bytes in the buffer from specified offset to securely generated random bytes. (/dev/urandom on Linux, as example)

A maximum of 65536 bytes for the 'count' parameter is to be imposed to prevent accidental entropy exhaustion.

local b = buffer.create(32)
buffer.random(b, 0, 32)

-- Use as needed, for example as a cryptographic key or nonce.

Drawbacks

The introduced function can expose mechanisms for draining available entropy on the system, although resource exhaustion is considered out of scope of the Luau security model.

Alternatives

Existing library options, like math.random (or the Random library specific to Roblox) are not sufficient for cryptographic purposes.