Yitzchak Gale <g...@sefer.org> wrote: > Since they weren't mentioned in this thread, I'll point out that there > are better sources of entropy than /dev/random, /dev/urandom, and the > Windows API. > > For example, the two sites > > https://random.org/integers > https://www.fourmilab.ch/hotbits/secure_generate.html > > both offer free random bits via a secure REST interface.
I would prefer /dev/random, /dev/urandom and the Windows API over those sources. Firstly receiving random strings through the internet is slow -- too slow for many applications. Also it can fail. But more importantly you have no control over who generates, watches and perhaps even intercepts the stream. In many applications randomness is worth nothing if other people have access to the random data. The random streams from the two services you mentioned are hardly any better for any practical purpose than what /dev/*random can provide, especially if you use an entropyd. If cryptographic strength is required you can just use the random stream from /dev/*random. Otherwise I recommend seeding mersenne-random or mwc-random from /dev/*random and using the PRNG. Greets, Ertugrul -- nightmare = unsafePerformIO (getWrongWife >>= sex) http://blog.ertes.de/ _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
