We Interrupt Your Regularly Scheduled Programming to Bring You
A Public Service Announcement
1 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 2
Slide 2 text
Use rand module
now1
1 Unless you stick to the older Erlang/OTP or Elixir versions before Erlang/OTP 18.x
2 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 3
Slide 3 text
The random module is
obsolete
and will be compromised by a brute-force attack in 9 hours!2
2 https://github.com/jj1bdx/as183-c
3 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 4
Slide 4 text
Still many examples use
random:uniform/1
This is not good
4 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 5
Slide 5 text
Stop using
random module
now3
3 Unless you stick to the older Erlang/OTP or Elixir versions before Erlang/OTP 18.x
5 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 6
Slide 6 text
Use rand:uniform/1
or :rand.uniform()
6 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 7
Slide 7 text
Alternatives
→ exsplus116, equivalent to rand module's default
algorithm, for 17.x or older versions of Erlang/OTP
→ sfmt-erlang (hex.pm: sfmt)
→ tinymt-erlang (hex.pm: tinymt)
7 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 8
Slide 8 text
I repeat:
use rand module
right now4!
4 Unless you stick to the older Erlang/OTP or Elixir versions before Erlang/OTP 18.x
8 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 9
Slide 9 text
random module will be
deprecated in OTP 19
removed from OTP 20
(Officially announced by Kenneth Lundin on Erlang
Factory SF Bay 2016 Day 1)
9 — Kenji Rikitake / ErLounge 10-MAR-2016
Slide 10
Slide 10 text
Thank you
10 — Kenji Rikitake / ErLounge 10-MAR-2016