Re: [PATCH] zsh/random module [UPDATED]

[Clinton Bunch <cdbunch@xxxxxxxxxxx>]

On 11/18/2022 12:12 PM, Stephane Chazelas wrote:
> 2022-11-18 11:08:42 -0600, Clinton Bunch:
> [...]
> > > Some comments about the API:
> > >
> > > >     -c COUNT
> > > >          Sets the number of returned random data.  Defaults to 8,
> > > >          unless -i, -L, or -U is specified without -a, in which case
> > > >          the default is 1.  COUNT must be between 1 and 64.
> > > Why those arbitrary limits? Why not from 0 to inf?
> > the getrandom function only guarantees 256 bytes.  64 32-bit integers.
> > Allowing 256 uint8 would be possible, but harder to explain and doesn't work
> > well with bounding.  As the difference between the lower and upper limit
> > surpasses half the max, the number of bytes thrown away to allow uniformity
> > of distribution becomes unwieldy.
> >
> > Also zero would not be particularly useful :)
> You could call getrandom() as many times as necessary. From a
> user point of view (mine at least) that limit doesn't make
> sense. Users don't care what API you use underneath.
>
> An array can have from 0 to inf elements, a string 0 to inf
> bytes, I should be able to request from 0 to inf numbers/bytes to
> store in my array/string.
I can't do inf (there is a limit to how big an array can be, the largest 
integer for an index).  I honestly think it's unlikely anyone will need 
more than 64 random integers.  I saw no reason to expand the limit, but 
it can be done.
> > > Without -i you get uint8 in hex and with -i uint32 in decimal.
> > > Why the different bases?
> > It's possible to break a hex string into bytes in a rather straight forward
> > way.   A string of decimal numbers not so much, but decimal numbers are
> > easier to manipulate.
> >
> > If I didn't think it should do *something* when given no arguments, I'd
> > eliminate the hex string altogether.
> Alternatively, you could add a -f %02x, -f %u -f %c and do
> without the -r/-i, with default -c 8 -f %02x -L 0 -U 255.
That seems a lot more confusing than -r (raw) or -i (integer) unless 
it's expanded to a lot more arbitrary formats.  At least for someone not 
familiar with printf formats.
> Or maybe keep the -i but only as an alias for -c 1 -f %u -L 0 -U
> $((2**32-1)). (-r would be -f %c)
>
> [...]
> > > Trying to use it to get a random word with it, I came up with:
> > >
> > > $ set -o extendedglob
> > > $ l=({A..Z} {a..z} {0..9} _)
> > > $ getrandom -a a -c20 -L1 -U$#l
> > > $ echo ${(j[])a//(#m)*/$l[MATCH]}
> > > EMhKvFuQlmCVSuet5uh0
> > >
> > > Doing it straight by reading /dev/urandom would have been a lot
> > > more awkward. Could that be improved/simplified?
> > It could be done, but a list of acceptable characters would need to be
> > agreed upon and documented.  Are symbols acceptable?  About half of
> > passwords require them, but only accept certain ones and that differs from
> > website to website.
> [...]
>
> I was not suggesting you to add that as an extra feature to
> getrandom.