Hi All.

I'm sure it's been asked before, but Google hasn't revealed anything apart from
statements that the function sqlite3_randomness is "High Quality". I'm looking
more for a quantitative definition (repetition, entropy, etc.).


Looking at the code, it seems to get a random seed from the OS (once only it 
seems). In the case of nix, this is using /dev/urandom which is stated as 
appropriate for cryptographic purposes and maintains an entropy pool from 
random sources. 


For Windows, it seems to use the high-performance counter mangled with time.
I'm not sure this is random at all but would be acceptable for seeding a block 
cipher in counter mode to generate a csprng - e.g. Fortuna. (the subsequent 
processing doesn't seem to be this, though).


For VxWorks, it is problematic since VxWorks <=6.3 do not have a /dev/urandom 
so the nix method defaults to a time and PID based one. Since the PID is always 
constant, this strikes me that it may not have much entropy (for the seed at 
least). I have run into problems with locking in the past where the random lock 
algo always returns 0. Assuming that a time is returned, then again, like with 
Windows, if it is used for a block cipher in counter mode it may be sufficient.

But assuming that a value of some description is obtained for the seed, what is 
the quantitative assessment of sqlite3_randomness? What is the repetition rate? 
(2^n). Is the result of sqlite3_randomness acceptable as a cryptographically 
secure pseudo random number generator (csprng) or is it only sufficient to seed 
a csprng - what does "High Quality" actually mean?

Regards
Shaun
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
