in reply to Re^4: A better rand() for Win32
in thread A better rand() for Win32

Oh. I see. The author says in the the comments of his 10 line Perl script that it is a "cryptographically secure random number generator", and so you take that at face value and believe it?

Or, perhaps, you might investigate what makes it such. For example, you might see the reference to a third party library and wonder what that's about. And if your investigations of that didn't lead you to suitable information, you might come back and ask one or two questions of the author. Like maybe, what makes this cryptographically secure as opposed to the current best-of-breed PRNG, the Mersenne Twister.

Or then again, maybe you wouldn't. But of course, you don't have to, because I already did that.

You might also wonder about the security of a CSPRNG that exposes itself to 'remote code execution vulnerabilities'. Or not. But again, you do not have to, because I already did that too.

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
"Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."

Replies are listed 'Best First'.
Re^6: A better rand() for Win32
by bart (Canon) on Aug 01, 2007 at 06:30 UTC
    Like maybe, what makes this cryptographically secure as opposed to the current best-of-breed PRNG, the Mersenne Twister.
    Look, no need to attack me for this, I'm a Mersenne Twister fan myself, but the authors of the MT themselves say in big blinking letters do not use for cryptographic purposes. Surely you must have read that?

    I have no idea if the algorithm here is suitable. The author himself says it is. That is clearly a difference in positioning. I have no use for cryptographic purposes, so I don't feel the need to investigate. And now, fuck off.

[reply]
      I am back as the author of this posting. Finally to respond !! The "cryptographic" is important form the standpoint of some games like computer backgammon that use some neural net learning algorithm. The game algorithm may be hacking the Pseudo Random Number generator's algorithm rather than game strategy itself or a combination of both. So by randomizing the seed (gathering entropy ) from Current Time, process ID, Memory info, and so on, (As described about for CryptGenRandom() API that CAPICOM uses) a human or machine has a harder time figuring out what LCRNG you are using. Remember, a random number generator is no longer random if its seed and algorithm are known. The srand documentation shows a simple unix entropy example: srand(time ^ $$ ^ unpack "%32L*", `ps auxw | gzip`); You want to seed your generator with as much entropy or in plain English "garbage" or "noise" bits. Having said that, Intel has a hardware resistor noise intereface to further add to the entropy pool. I am not sure how to use that in CAPICOM. The Intel site doesn't seem to indicate that Windows XP is supported.
[reply]
        a random number generator is no longer random if its seed and algorithm are known

        There are a numer of Cryptographically Secure Pseudo Random Bit Generators for which that statement is not true (for some definition of "seed", anyway). I'm thinking of the RSA, Blum-Blum-Shub and Micali-Schnorr pseudorandom bit generators - the only CSPRBG's with which I'm in any way familiar.

        The cryptographic strength of these generators relies on the indeterminability of the 2 chosen (large) primes upon which they are based. Knowing both the algorithm and the seed value that was used is of no help if the 2 primes are not known. Of course, it could be argued that those 2 primes are, in effect, part of the "seed" ...

        The nice thing about these CSPRBG's is that they can be used to provide "quality" pseudorandom numbers without any need to "gather entropy" at all. (For cryptographic purposes, however, you'd be well advised to gather plenty of entropy when it comes to choosing the 2 primes.)

        Cheers,
        Rob
[reply]

In Section Code Catacombs