----- "Felipe Monteiro de Carvalho" <felipemonteiro.carva...@gmail.com> schreef:
> On Fri, Dec 9, 2011 at 9:39 AM, Graeme Geldenhuys > <graemeg.li...@gmail.com> wrote: > > I didn't write this encryption code, I merely debugged why the unit > > tests for this unit took so long to complete, compared to under > > Delphi. > > It is specifically written in the Delphi documentation that Random > should not be utilized for encryption... > true, (but) looking at the code again, it seems that you always have a predictable sequence when using the same algorithm. Not sure if that is a good thing or a bad one in cryptology :-). After all, when you do not randomize() first, randseed has a default startupvalue (and otherwise it is typically seeded with a timestamp of somesorts). I don't remember where I read it (ages ago), and the comment in Delphi seems to negate that this is the used algorithm, but this 'predictable sequence from the same seed'-property is especially true when using a LCG pseudo-random-number-generator. Just to be sure, the wikipedia article DOES mention that Delphi (and every other HL language that matters :-)) supplies a Random functionality that is based on a LCG. http://en.wikipedia.org/wiki/Linear_congruential_generator And in the java realm there are numerous other algorithms available, but the default implementation with the language libraries is a LCG, as does the C(++). Reading the article again, I find a few paragraphs corresponding to the Delphi help. Excerpt from the 'advantages and disadvantages' part of the page: -- LCGs should not be used for applications where high-quality randomness is critical. For example, it is not suitable for a Monte Carlo simulation because of the serial correlation (among other things). They should also not be used for cryptographic applications; see cryptographically secure pseudo-random number generator for more suitable generators. If a linear congruential generator is seeded with a character and then iterated once, the result is a simple classical cipher called an affine cipher; this cipher is easily broken by standard frequency analysis. -- kind regards, Dimitri Smits _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal
