Subject: Re: [boost] Boost.Uuid and header-only support
From: Steven Watanabe (watanabesj_at_[hidden])
Date: 2017-11-06 15:57:29
On 11/06/2017 06:17 AM, James E. King, III via Boost wrote:
> On Sun, Nov 5, 2017 at 9:08 AM, Niall Douglas via Boost <
> boost_at_[hidden]> wrote:
>>> So the initialization of the mersenne twister is expensive, so if you
>>> do it once and then reuse it, it is much more efficient than going to
>> Mersenne is only fast on x86/x64. It is dog slow on every other CPU.
>> Also, I hate to be pedantic, but Mersenne is not cryptographically
>> secure. UUIDs ought to be generated from a crypto-strong source unless
>> the end user specifically asks for otherwise.
>> On Windows, that's RtlGenRandom() which is rand_s() in recent MSVC's. On
>> POSIX that is /dev/urandom or /dev/random depending on the POSIX flavour.
>> If you want something faster, Blake2b is crypto strong and fast on all
>> modern CPUs. Just need to seed it with a random seed, and you're happy.
>> Failing that, really recent CPUs can do SHA256 in hardware, but they
>> have tiny market penetration currently. You can, of course, use any AES
>> hardware offload also as a randomness generator, that has much wider
>> support in CPUs.
> Is there an existing PRNG in Boost.Random that would be better than mersenne
> to use in a "bulk" uuid generator typedef?
Boost.Random does not have any cryptographic prngs (apart from
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk