in reply to Re: Cryptographically Secure Pseudorandom Number Generator - PRNG?
in thread Cryptographically Secure Pseudorandom Number Generator - PRNG?

Mersenne Twister is a great PRNG, but not a Cryptographically Secure PRNG. See the Mersenne Twister homepage. There is, unfortunately, a big difference between PRNGs that are statistically random enough for mathematics purposes, and PRNGs that are random in the right ways for cryptography.

Yoda would agree with Perl design: there is no try{}


Re^3: Cryptographically Secure Pseudorandom Number Generator - PRNG?
by BrowserUk (Patriarch) on Jun 10, 2005 at 15:56 UTC

    Ahem. From the homepage you linked (my emphasis):

    Caution: Mersenne Twister is basically for Monte-Carlo simulations - it is not cryptographically secure "as is". Please read FAQ.

    And from the FAQ:

    Want to use for cryptography.

    Mersenne Twister is not cryptographically secure. (MT is based on a linear recursion. Any pseudorandom number sequence generated by a linear recursion is insecure, since from a sufficiently long subsequence of the outputs, one can predict the rest of the outputs.)

    To make it secure, you need to use some Secure Hashing Algorithm with MT. For example, you may gather every eight words of outputs, and compress them into one word (thus the length of the output sequence is 1/8 of the original one).

    It is meaningful to replace linear generators like LFSR with MT.

    The 2002 version can receive an array of integers as a seed, which fits this usage.


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
    "Science is about questioning the status quo. Questioning authority".
    The "good enough" maybe good enough for the now, and perfection maybe unobtainable, but that should not preclude us from striving for perfection, when time, circumstance or desire allow.

      Yes, precisely -- you cannot use MT as a CSPRNG; however, you can use a secure hash function as a CSPRNG, with MT as the sequence generator. But, you can use a secure hash function as a CSPRNG with just about any sequence of numbers, as long as no one knows what the seed is -- you just run it in output feedback mode.

      Unfortunately, no one has done any kind of serious verification with MT + secure hash that I've been able to find; at least not to the extent of CSPRNG algorithms like ISAAC.

      Yoda would agree with Perl design: there is no try{}
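The two points made in this thread, that MT's outputs let anyone reconstruct its state and predict what follows, and the FAQ's suggestion of hashing every eight words down to one, can both be shown on CPython's `random` module, whose generator is MT19937. The following is an added example, not code from the thread or the MT authors; `untemper`, `clone_mt`, `predict_next`, `HashedMT` and `demo` are names chosen here, and the seeds are constructed.

```python
import hashlib
import random

MASK32 = 0xFFFFFFFF

def untemper(y: int) -> int:
    """Invert MT19937's output tempering to recover the raw state word."""
    y ^= y >> 18                    # shift >= 16 bits, so this step is its own inverse
    y ^= (y << 15) & 0xEFC60000     # also self-inverse: mask bits 15 and 16 are clear
    x = y                           # undo y ^= (y << 7) & 0x9D2C5680, 7 bits per round
    for _ in range(4):
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    x = y                           # undo y ^= y >> 11, 11 bits per round
    for _ in range(2):
        x = y ^ (x >> 11)
    return x & MASK32

def clone_mt(outputs: list[int]) -> random.Random:
    """Rebuild the generator from 624 consecutive 32-bit outputs: the FAQ's
    'sufficiently long subsequence' for a 624-word linear recurrence."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(w) for w in outputs) + (624,)   # index 624: next call twists
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone

def predict_next(outputs: list[int]) -> int:
    """Predict the output that follows the 624 observed ones."""
    return clone_mt(outputs).getrandbits(32)

class HashedMT:
    """The FAQ's mitigation: every eight MT words are compressed into one by a
    secure hash. Illustration only; the seed must stay secret and raw MT words
    must never leave this class, otherwise clone_mt() applies again."""
    def __init__(self, seed: int) -> None:
        self._mt = random.Random(seed)          # CPython's Random is MT19937
    def next_word(self) -> int:
        block = b"".join(self._mt.getrandbits(32).to_bytes(4, "big") for _ in range(8))
        return int.from_bytes(hashlib.sha256(block).digest()[:4], "big")

def demo(seed: int = 2005) -> tuple[int, int]:
    """Observe 624 raw MT outputs, predict the 625th; returns (predicted, actual)."""
    victim = random.Random(seed)                # constructed seed; any value behaves the same
    seen = [victim.getrandbits(32) for _ in range(624)]
    return predict_next(seen), victim.getrandbits(32)
```

Running `demo()` shows the prediction matching the real next output exactly, which is the whole reason raw MT output must not be used for tokens, session ids or keys.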