A password hashing crate requires a &[u8] to act as a salt when generating its hashes. Of course, this salt should be generated with a secure random number generator, and the rand crate provides a few such generators. From looking through its documentation, I can write the salt-generation code like this:
    use rand::{rngs::StdRng, RngCore, SeedableRng}; //at the top of the file

    //in an actix route
    let mut salt: [u8; 128] = [0; 128]; //I'm not sure if 128 bytes is a good length — if anyone has information on this, please share it
    let mut rng = StdRng::from_entropy(); //the only initialization technique that is documented as secure
    rng.fill_bytes(&mut salt);
This seems like it may work under small load, but under larger load it seems like OS-level entropy may run out, and then cause from_entropy() to panic and/or block, both of which would be disastrous as they would cause problems for an entire Actix worker thread (which, via async Rust, can handle many requests at once). I can't use Actix's system for application state since many copies of the route may run at once, thus preventing each copy from having its own mut reference to the RngCore implementation (Mutex would probably cause deadlocks, and RefCell would probably cause panics if one registration request starts before another ends and they're allocated to the same worker thread.)
As such, I ask, how can I handle this cleanly and efficiently?
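An added example (not part of the original post) of one way to give each worker thread its own generator handle without a `Mutex` or a shared `mut` reference: a `thread_local!` slot whose `RefCell` borrow starts and ends inside a synchronous function, so it is never held across an `.await`. It uses only the standard library and assumes a Unix-like OS with `/dev/urandom` and a 16-byte salt; `new_salt` and `salts_from_threads` are hypothetical names. The rand crate's `thread_rng()` follows the same per-thread pattern.

```rust
use std::cell::RefCell;
use std::fs::File;
use std::io::{self, BufReader, Read};

/// Salt length in bytes (assumption: 16 bytes, a common password-salt size).
pub const SALT_LEN: usize = 16;

thread_local! {
    // One buffered handle to the OS CSPRNG per thread, opened lazily.
    // Assumption: a Unix-like OS that exposes /dev/urandom.
    static OS_RNG: RefCell<Option<BufReader<File>>> = RefCell::new(None);
}

/// Fill a fresh salt from the calling thread's own handle.
/// The borrow lives only inside this synchronous call, so two requests
/// scheduled on the same worker thread can never overlap inside it.
pub fn new_salt() -> io::Result<[u8; SALT_LEN]> {
    OS_RNG.with(|cell| {
        let mut slot = cell.borrow_mut();
        if slot.is_none() {
            let file = File::open("/dev/urandom")?;
            *slot = Some(BufReader::with_capacity(256, file));
        }
        let mut salt = [0u8; SALT_LEN];
        let reader = (*slot).as_mut().expect("initialised above");
        reader.read_exact(&mut salt)?;
        Ok(salt)
    })
}

/// Hypothetical driver: `per_thread` salts on each of `threads` threads,
/// standing in for several workers serving registrations at once.
pub fn salts_from_threads(threads: usize, per_thread: usize) -> Vec<[u8; SALT_LEN]> {
    let handles: Vec<_> = (0..threads)
        .map(|_| {
            std::thread::spawn(move || {
                (0..per_thread)
                    .map(|_| new_salt().expect("OS RNG unavailable"))
                    .collect::<Vec<_>>()
            })
        })
        .collect();
    handles
        .into_iter()
        .flat_map(|h| h.join().expect("worker thread panicked"))
        .collect()
}
```

In an async handler, call `new_salt()` as an ordinary function and do not hold its result's source across an `.await`; errors surface as `io::Error` instead of a panic.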