On Wed, 2012-04-11 at 09:27 +0200, Peter Bex wrote:
> On Wed, Apr 11, 2012 at 08:49:32AM +0300, Timo Myyrä wrote:
> > Ah, I checked the manual pages of NetBSD-current and it lists
> > arc4random_uniform.
> [...]
> > What's the problem of using the host's PRNG? I'd assume every host OS would
> > have a decent PRNG.
> [...]
>
> And I'm not so sure the assumption that every OS has a proper PRNG is
> even valid.
> [...]
Hello,

in my opinion this entire discussion is somewhat pointless unless we
define what properties a "good" PRNG should have for our purposes.
For example, neither the nonlinear additive feedback generator employed
by glibc to implement rand(3) and random(3) nor the RC4 algorithm have
acceptable quality for modern cryptographic applications -- they both
have output biases and too short periods. On the other hand, for
applications that don't require randomness good enough for use in a
stream cipher any old PRNG might do the job. It really depends strongly
on your application.

If we really wanted to include a PRNG in the CHICKEN distribution that
should satisfy any definition of "good", I would suggest using a modern
stream cipher with high throughput, for example SOSEMANUK [1]. But I'm
not sure whether a suite of cryptographic functions is really something
that must be included in a language's standard library.

Ciao,
Thomas

--
[1] http://www.ecrypt.eu.org/stream/sosemanukpf.html

--
When C++ is your hammer, every problem looks like your thumb.

_______________________________________________
Chicken-hackers mailing list
Chicken-hackers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-hackers
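The output bias Thomas mentions for RC4 is easy to measure. The Python example below is added here and is not part of the thread: it implements textbook RC4 (KSA plus PRGA) and counts how often a given keystream byte is zero across many keys. For the second byte the rate is about 2/256 instead of 1/256 (the Mantin-Shamir bias), while a later byte is close to uniform. The keys are constructed from a seeded `random.Random` purely for reproducibility; that is not a secure key source.

```python
import random


def rc4_keystream(key: bytes, nbytes: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) followed by nbytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S under the key
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(nbytes):                   # PRGA: emit one byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def zero_rates(positions, trials=16000, seed=1):
    """For `trials` constructed random 16-byte keys, return {pos: fraction of
    keystreams whose byte at `pos` is 0}. An unbiased generator gives ~1/256
    at every position; RC4 gives ~2/256 at position 1 (the second byte)."""
    rng = random.Random(seed)  # deterministic constructed keys, not a CSPRNG
    length = max(positions) + 1
    zeros = {p: 0 for p in positions}
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        ks = rc4_keystream(key, length)
        for p in positions:
            if ks[p] == 0:
                zeros[p] += 1
    return {p: zeros[p] / trials for p in positions}


if __name__ == "__main__":
    rates = zero_rates((1, 64))
    print(f"ideal rate:        {1 / 256:.4f}")
    print(f"2nd byte (pos 1):  {rates[1]:.4f}   <- roughly double the ideal")
    print(f"byte at pos 64:    {rates[64]:.4f}")
```

A generator whose second output is zero twice as often as it should be fails the most basic uniformity requirement, which is why RC4 is unsuitable wherever "good" means cryptographically unbiased output.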