samuel-hunter
commented
3 years ago Quicklisp's dist 2021-10-20 updated sha1 -- this is now doable!
Closed samuel-hunter closed 2 years ago
samuel-hunter
commented
3 years ago Quicklisp's dist 2021-10-20 updated sha1 -- this is now doable!
fukamachi
commented
2 years ago On a different topic, the cl:random is not quite random and it will cause a conflict of session IDs on a large number of requests. So, I just rewrote it with ironclad:random-data. Oops.
samuel-hunter
commented
2 years ago Hi @fukamachi, I've found that cl-isaac looks like a good crypto PRNG to replace ironclad's random. If you're interested in this PR, I'll go ahead and replace ironclad:random-data.
fukamachi
commented
2 years ago Happy to hear that! Sounds good to me.
samuel-hunter
commented
2 years ago The commit's amended with cl-isaac. Thanks for taking a look at this! On the aside, I have a similar PR for the websocket-driver: https://github.com/fukamachi/websocket-driver/pull/58
samuel-hunter
commented
2 years ago On the aside, cl+ssl:random-bytes looks like an equally suitable alternative.
fukamachi
commented
2 years ago Thanks a lot!
Ironclad is a meaty dependency. This system takes the longest time on my computer to compile my web application, and I've read comments online that it adds ~19MB RAM usage in a lisp image.
This change switches ironclad with the single-purpose library
sha1to minimize lack's footprint, and the librarycl-isaacfor a cryptographic PRNG for random session generation.