Subject: Re: [boost] New Boost.XInt Library, request preliminary review
From: Chad Nelson (chad.thecomfychair_at_[hidden])
Date: 2010-03-26 19:45:18


>>> *Mersenne Twister is not a cryptographic PRNG*
>>
>> Hm, you're right. I didn't realize that it could be predicted after so
>> few values. I'll re-work that part to use /dev/urandom or RtlGenRandom
>> directly when they're available.
>>
>> On systems where they're *not* available, is there a better choice of
>> generator, given an (unpredictable) user-supplied seed value?
>
> All the Boost.Random generators are linear and therefore insecure.
> Can you just use boost::random_device instead of writing your
> own wrapper?

I could use that instead of /dev/urandom and RtlGenRandom, but then the
library wouldn't compile on systems where boost::random_device isn't
available. My goal was to make something that would work regardless of
whether such a device was available, and leave it up to the person using
the library whether they want to continue when it isn't.

So again, given that it's going to be less secure, is there a better
choice than the Mersenne Twister for systems where no random device is
available?
- --
Chad Nelson
Oak Circle Software, Inc.
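
The approach described in the message above, sketched as an added example (not code from Boost.XInt or from the poster): try the OS random device first, and when it is missing let the caller's policy decide whether a seeded Mersenne Twister fallback is acceptable. All names (`fill_random`, `Policy`, `Source`) are hypothetical, and a POSIX-style `/dev/urandom` path is assumed as the default device.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <vector>

// Hypothetical names throughout; this is not Boost.XInt's API.
enum class Source { OsDevice, WeakFallback, Unavailable };
enum class Policy { RequireDevice, AllowWeakFallback };

// Read exactly n bytes from the OS random device at `path`.
static bool read_device(const char* path, unsigned char* out, std::size_t n) {
    std::FILE* f = std::fopen(path, "rb");
    if (!f) return false;                     // no such device on this system
    std::setvbuf(f, nullptr, _IONBF, 0);      // keep unused random bytes out of a stdio buffer
    const std::size_t got = std::fread(out, 1, n, f);
    std::fclose(f);
    return got == n;                          // a short read counts as failure
}

// Fill `out` from the device. Only if the caller's policy allows it, fall back
// to a Mersenne Twister seeded with `user_seed`, and always report the source.
// On Source::Unavailable the contents of `out` must not be used.
Source fill_random(std::vector<unsigned char>& out, Policy policy,
                   std::uint32_t user_seed, const char* device = "/dev/urandom") {
    if (read_device(device, out.data(), out.size())) return Source::OsDevice;
    if (policy == Policy::RequireDevice) return Source::Unavailable;
    std::mt19937 gen(user_seed);              // output is a pure function of the seed
    for (auto& b : out) b = static_cast<unsigned char>(gen() & 0xFFu);
    return Source::WeakFallback;
}

int main() {
    std::vector<unsigned char> key(16);
    switch (fill_random(key, Policy::RequireDevice, 0)) {
        case Source::OsDevice:     std::puts("filled from OS device"); break;
        case Source::WeakFallback: std::puts("filled from seeded fallback (not for keys)"); break;
        case Source::Unavailable:  std::puts("no device; refusing to continue"); break;
    }
    return 0;
}
```

Returning the source alongside the bytes lets calling code refuse to generate key material from the fallback while still allowing it for non-secret uses.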

