On 03/03/13 10:06, Johannes Pfau wrote:
On Sun, 03 Mar 2013 09:58:41 +0100,
"Ivan Kazmenko" <ga...@mail.ru> wrote:

Can anyone advise on the theoretical basis for the
unpredictableSeed method in std.random?  I've tried googling
around for the theory of good thread-safe seed generation
methods but haven't really found anything. :-(

I have to ask: what would be a good unpredictableSeed by
definition?  With the current implementation, three downsides
come to my mind:

1. Process ID, thread ID and system tick are insecure sources of
randomness and can provide just a few bits of randomness in
certain situations.  I don't know how to address this in a
portable way.

2. Once we know the first seed, it is easy to predict all
subsequent seeds.  A solution would be to use a secure RNG
instead, not just the one which gives away its state.

3. It would be a particularly bad idea to initialize MinstdRand0
instances with consecutive unpredictableSeeds and then consider
them independent.  This is just a consequence of a particular
choice of RNG on the previous step.

So, which of these do you consider the real problems, and what
more do you need from unpredictableSeed?

Ivan Kazmenko.

Maybe it would make sense to use /dev/random where available? (The
problem is that /dev/random can block. On small embedded systems
without monitor/mice/keyboard this can happen easily)

/dev/urandom can be used if /dev/random would block:
the available entropy can be used as a criterion.

A long while ago I wrote a piece of C code to do so, and to read from a
dedicated environment variable in order to reproduce the generated sequences
if necessary (mainly for debugging).
I use it intensively for numerical experiments and it works very well.
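The scheme described in the reply above (environment-variable override for reproducible runs, /dev/random only when the kernel reports enough entropy, /dev/urandom otherwise), written out as an added example. This is not the poster's own code and not part of Phobos; the variable name RNG_SEED, the 256-bit threshold and the FNV-based last-resort mixer are assumptions made here. It reads /proc/sys/kernel/random/entropy_avail, which is Linux-specific, and opens the devices with O_NONBLOCK so that a drained /dev/random fails fast instead of stalling, which addresses the blocking concern raised earlier in the thread.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* setenv, clock_gettime, O_NONBLOCK on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Assumed names for this example (not from the original post). */
#define SEED_ENV_VAR      "RNG_SEED"   /* set it to replay a run */
#define ENTROPY_THRESHOLD 256          /* bits; below this, leave /dev/random alone */

enum seed_source { SEED_FROM_ENV, SEED_FROM_DEV_RANDOM, SEED_FROM_DEV_URANDOM, SEED_FROM_FALLBACK };

/* Parse a decimal or 0x-prefixed 32-bit seed. Returns 1 on success, 0 otherwise. */
int parse_seed(const char *s, uint32_t *out)
{
    char *end;
    unsigned long v;
    if (s == NULL || *s == '\0' || *s == '-') return 0;
    errno = 0;
    v = strtoul(s, &end, 0);
    if (errno != 0 || *end != '\0' || v > 0xFFFFFFFFUL) return 0;
    *out = (uint32_t)v;
    return 1;
}

/* Entropy the kernel currently counts in its pool, or -1 if the file is absent (non-Linux). */
long read_entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    long bits = -1;
    if (f == NULL) return -1;
    if (fscanf(f, "%ld", &bits) != 1) bits = -1;
    fclose(f);
    return bits;
}

/* Read exactly n bytes from a device opened non-blocking. Returns 1 on success.
 * A drained /dev/random yields EAGAIN here instead of a stalled process. */
static int read_device(const char *path, void *buf, size_t n)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    size_t got = 0;
    if (fd < 0) return 0;
    while (got < n) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) { close(fd); return 0; }   /* EAGAIN or EOF: let the caller fall back */
        got += (size_t)r;
    }
    close(fd);
    return 1;
}

/* Last resort when no device exists: mix pid, wall clock and CPU clock with FNV-1a.
 * This is exactly the weak source criticised earlier in the thread (few bits of
 * entropy, predictable), so callers are told about it via SEED_FROM_FALLBACK. */
static uint32_t fallback_seed(void)
{
    struct timespec ts;
    uint32_t inputs[4];
    uint32_t h = 2166136261u;
    clock_gettime(CLOCK_REALTIME, &ts);
    inputs[0] = (uint32_t)getpid();
    inputs[1] = (uint32_t)ts.tv_sec;
    inputs[2] = (uint32_t)ts.tv_nsec;
    inputs[3] = (uint32_t)clock();
    for (size_t i = 0; i < 4; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (inputs[i] >> (8 * b)) & 0xFFu;
            h *= 16777619u;
        }
    return h;
}

/* Seed selection in the order the post describes. Always fills *seed and *src; returns 0. */
int get_seed(uint32_t *seed, enum seed_source *src)
{
    if (parse_seed(getenv(SEED_ENV_VAR), seed)) { *src = SEED_FROM_ENV; return 0; }
    if (read_entropy_avail() >= ENTROPY_THRESHOLD &&
        read_device("/dev/random", seed, sizeof *seed)) { *src = SEED_FROM_DEV_RANDOM; return 0; }
    if (read_device("/dev/urandom", seed, sizeof *seed)) { *src = SEED_FROM_DEV_URANDOM; return 0; }
    *seed = fallback_seed();
    *src = SEED_FROM_FALLBACK;
    return 0;
}

int main(void)
{
    static const char *names[] = { "environment", "/dev/random", "/dev/urandom", "pid/time fallback" };
    uint32_t seed;
    enum seed_source src;
    get_seed(&seed, &src);
    printf("seed=0x%08x source=%s (entropy_avail=%ld)\n", seed, names[src], read_entropy_avail());
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the environment override exists for replaying numerical runs; anything that must be unpredictable has to refuse it (or at least log SEED_FROM_ENV loudly), because whoever controls the environment then controls the seed. Second, the entropy_avail test is largely historical: since Linux 5.6, /dev/random stops blocking once the pool has been initialised and then behaves like /dev/urandom, and getrandom(2) is the preferred interface on current kernels. Note also that a 32-bit seed is the whole state of a generator like MinstdRand0, so the source of the seed does not change the point made earlier that such generators give away their state.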

