On Thu, Oct 31, 2013 at 3:42 PM, Robert Haas <robertmh...@gmail.com> wrote:
> On Thu, Oct 31, 2013 at 2:44 PM, Garick Hamlin <gham...@isc.upenn.edu> wrote:
>> I think using /dev/urandom directly would be surprising. At least it would
>> probably have taken me a while to figure out what was depleting the
>> entropy pool here.
>
> Perhaps so; a bigger problem IMHO is that it's not portable. I think
> the only way to solve this problem is to import (or have an option to
> link with) a strong, sophisticated PRNG with much larger internal
> state than pg_lrand48, which uses precisely 48 bits of internal state.
> For this kind of thing, I'm fairly sure that we need something with
> at least 128 bits of internal state (as wide as the random value we
> want to generate) and I suspect it might be advantageous to have
> something a whole lot wider, maybe a few kB.

I mentioned the notion of building an entropy pool, into which one might
add various sorts of random inputs, under separate cover...

The last time I had need of a rather non-repeating RNG, I went with
a Fibonacci-based one, namely Mersenne Twister...

<http://en.wikipedia.org/wiki/Mersenne_twister>

The sample has 624 integers (presumably that means 624x32 bits) as
its internal state. Apparently not terribly suitable for cryptographic
purposes, but definitely highly non-repetitive, which is what we're
notably worried about for UUIDs.
-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
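The "not terribly suitable for cryptographic purposes" caveat above has a concrete form worth seeing before anyone reaches for Mersenne Twister to make identifiers that must be unguessable: MT19937's output is just its 624-word state passed through an invertible "tempering" function, so anyone who observes 624 consecutive 32-bit outputs can recover the whole state and predict every later output. The script below is an added example written for this thread, not code from the list discussion or from PostgreSQL. It uses Python's `random.Random`, which happens to be MT19937, as the "victim" generator; the function names (`untemper`, `clone_from_outputs`, `predict_next`, `demo`) and the seed value are mine, and the tempering constants are the ones from the MT19937 reference implementation.

```python
import random

# MT19937 tempering constants (from the reference implementation) and state size.
MASK32 = 0xFFFFFFFF
B, C = 0x9D2C5680, 0xEFC60000
N = 624


def temper(x):
    """MT19937 output tempering: state word -> emitted 32-bit value."""
    x ^= x >> 11
    x ^= (x << 7) & B
    x ^= (x << 15) & C
    x ^= x >> 18
    return x & MASK32


def untemper(y):
    """Invert temper(): emitted 32-bit value -> state word.

    Each tempering step is a bitwise-linear map, so it is undone in reverse
    order. Shifts whose double exceeds 32 bits are their own inverse; the
    others are unwound a few bits at a time by iterating.
    """
    y ^= y >> 18                      # inverse of y ^= y >> 18
    y ^= (y << 15) & C                # inverse of y ^= (y << 15) & C
    x = y                             # inverse of y ^= (y << 7) & B, 7 bits per pass
    for _ in range(5):
        x = y ^ ((x << 7) & B)
    y = x
    x = y                             # inverse of y ^= y >> 11, 11 bits per pass
    for _ in range(3):
        x = y ^ (x >> 11)
    return x & MASK32


def clone_from_outputs(outputs):
    """Rebuild an MT19937 instance from 624 consecutive raw 32-bit outputs.

    The recovered words are exactly the generator's state array; setting the
    index to N means the clone will "twist" on its next call, just as the
    victim does after emitting 624 words.
    """
    if len(outputs) < N:
        raise ValueError("need %d consecutive 32-bit outputs" % N)
    state = [untemper(o) for o in outputs[:N]]
    clone = random.Random()
    clone.setstate((3, tuple(state + [N]), None))   # (version, mt[0..623] + index, gauss_next)
    return clone


def predict_next(outputs, count=1):
    """Predict the `count` outputs that follow the observed 624."""
    clone = clone_from_outputs(outputs)
    return [clone.getrandbits(32) for _ in range(count)]


def demo(seed=2013):
    """Constructed scenario: observe 624 words from a seeded victim, predict 5 more."""
    victim = random.Random(seed)                      # seed value is arbitrary (an assumption)
    observed = [victim.getrandbits(32) for _ in range(N)]
    predicted = predict_next(observed, 5)
    actual = [victim.getrandbits(32) for _ in range(5)]
    return predicted == actual


if __name__ == "__main__":
    print("predicted the victim's next 5 outputs:", demo())
```

The attack needs the raw 32-bit words: `getrandbits(32)` hands them over directly, whereas `random.random()` splices two words into a 53-bit float, so a predictor would first have to split those back out. The point for the UUID discussion is that a large state only buys non-repetition, not unpredictability; if the identifiers must also be unguessable, the generator needs to be a CSPRNG (seeded from the OS, e.g. /dev/urandom) rather than a linear generator like MT or the 48-bit pg_lrand48.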
