Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve Randomness in JitteredDelay Class #3315

Closed
wants to merge 1 commit into from
Closed

Improve Randomness in JitteredDelay Class #3315

wants to merge 1 commit into from

Conversation

isaacschepp
Copy link

@isaacschepp isaacschepp commented May 8, 2024
edited
Loading

Description

This pull request replaces the usage of System.Random with System.Security.Cryptography.RandomNumberGenerator in the JitteredDelay class. This enhances the randomness and security of random number generation. We generate a random long value, normalize it to a double in the range [0, 1), and use this double value to add a random amount of jitter to the retry delay.

Motivation and Context

The change is required to enhance the security and randomness of the JitteredDelay class, particularly for security-sensitive operations. It improves the overall robustness of the system's retry mechanism.

Testing

The changes have been tested to ensure the JitteredDelay class still functions as expected, and the new randomness generation does not introduce any errors or unexpected behavior. Tests were run in a local development environment.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • My code follows the code style of this project
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
  • I have read the README document
  • I have added tests to cover my changes
  • All new and existing tests passed

License

  • I confirm that this pull request can be released under the Apache 2 license

@dscpinheiro dscpinheiro changed the base branch from main to main-staging May 9, 2024 12:41
@normj
Copy link
Member

normj commented May 10, 2024

I ran the change through Benchmark.NET comparing using System.Random and RandomNumberGenerator. The RandomNumberGenerator version was quite a bit slower then using System.Random. Given the use of random in this case is not for any crypto graphic purposes, just adding a bit of randomness in retries, I don't think switching to RandomNumberGenerator is worth the performance hit.

| Method           | Mean      | Error     | StdDev    |
|----------------- |----------:|----------:|----------:|
| RandomTest       |  2.101 ns | 0.0661 ns | 0.1104 ns |
| RandomCryptoTest | 52.501 ns | 1.0247 ns | 1.0064 ns |

@normj normj closed this May 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@isaacschepp @normj