From owner-freebsd-hackers Mon Oct 7 11:30:52 1996
From: Terry Lambert
Message-Id: <199610071827.LAA14499@phaeton.artisoft.com>
Subject: Re: random() fix explanation to avoid misunderstanding
To: Andrey Chernov <ache@nagual.ru>
Date: Mon, 7 Oct 1996 11:27:36 -0700 (MST)
Cc: hackers@FreeBSD.org, current@FreeBSD.org
In-Reply-To: <199610071741.VAA01397@nagual.ru> from Andrey Chernov at Oct 7, 96 09:41:19 pm

> At this moment I have seen several people's own misinterpretations of the fix, like
> "make the random generator better" or "change the random distribution", etc.
>
> Here is the correct answer: the fix does NOT change the random generator; it
> fixes a SEEDING bug. Due to this bug the given-states algorithm is
> useless! I.e., there is no point at all in having the initstate()/setstate()
> things with the initial weak seeding formula, because it breaks all
> following calculations.
>
> The Netscape story is some sort of analogy: the poor random number generator
> there made the good SSL algorithm that followed it useless.

I understand that you are improving the "random" while at the same time damaging the "pseudo".
I further understand that since the (non-mathematically precise) standard does not specify the "pseudo", you feel yourself justified in making this change, since you view the platform as a platform providing ANSI and ISO standards compliant interfaces, not necessarily mathematically or computationally useful interfaces.

However, I *strongly* urge you to make the fact of this change as obvious (and reversible) as you possibly can.

I cannot stress strongly enough that this type of change, if done casually, *seriously* impacts the utility of the platform for *real* uses, rather than simply Computer Science uses. Computer systems are more than just toys for the people who build them.

There is a vast difference between cryptographic suitability, which relies on large number theory, and suitability for use in Monte Carlo based algorithms for test data generation, which relies more on the fact of repeatable pseudo-randomness than it does on achieving a cryptographically "good" point distribution.

Regards,
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
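Both messages turn on one distinction: the core generator versus the formula that expands a seed into its state table. The following C program is an added illustration of that distinction and is not FreeBSD's random.c or any code posted in this thread. It uses a toy additive-feedback generator in the style of random(3) (degree 31, separation 3, and with the warm-up discard a real implementation performs omitted), fed by two different table-filling routines: a simple 32-bit LCG step, and a multiplicative generator modulo 2^31-1 with multiplier 16807. Which formula the actual fix replaced, and with what, is not stated in this thread; both fills here are assumptions chosen to show the effect. A small stand-in for a Monte Carlo test-data generator shows Terry's point concretely: with the seed and the fill fixed, the data set regenerates bit for bit; change only the fill, leaving the generator untouched, and the same seed no longer reproduces the data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy additive-feedback generator, random(3)-style (deg 31, sep 3).
 * Illustration only; not the libc implementation, and without the
 * warm-up discard a real srandom() performs. */
#define DEG 31
#define SEP 3

struct gen {
    uint32_t state[DEG];
    int f, r;                 /* front and rear indices into state[] */
};

typedef void (*seed_fn)(struct gen *, uint32_t);

/* Seeding scheme A (assumed for illustration): fill the table with a
 * plain 32-bit LCG step, each entry derived from the previous one. */
static void fill_lcg(struct gen *g, uint32_t seed)
{
    g->state[0] = seed;
    for (int i = 1; i < DEG; i++)
        g->state[i] = 1103515245u * g->state[i - 1] + 12345u;
}

/* Seeding scheme B (assumed for illustration): fill the table with a
 * multiplicative generator modulo 2^31-1 (multiplier 16807), computed
 * in 64 bits. Different seeding formula, same core generator below. */
static void fill_mod31(struct gen *g, uint32_t seed)
{
    const uint64_t m = 2147483647u;
    uint64_t x = seed % m;
    if (x == 0)
        x = 1;                /* a zero residue would stay zero forever */
    g->state[0] = seed;
    for (int i = 1; i < DEG; i++) {
        x = (16807u * x) % m;
        g->state[i] = (uint32_t)x;
    }
}

static void gen_init(struct gen *g, uint32_t seed, seed_fn fill)
{
    memset(g, 0, sizeof *g);
    fill(g, seed);
    g->f = SEP;
    g->r = 0;
}

/* The core generator. Nothing here depends on which fill was used. */
static uint32_t gen_next(struct gen *g)
{
    g->state[g->f] += g->state[g->r];
    uint32_t out = (g->state[g->f] >> 1) & 0x7fffffffu;
    if (++g->f >= DEG) {
        g->f = 0;
        ++g->r;
    } else if (++g->r >= DEG) {
        g->r = 0;
    }
    return out;
}

/* Stand-in for a Monte Carlo test-data generator: n values in [0, range),
 * keyed entirely on the seed so a test run can be reproduced later. */
static void make_test_data(uint32_t *out, int n, uint32_t range,
                           uint32_t seed, seed_fn fill)
{
    struct gen g;
    gen_init(&g, seed, fill);
    for (int i = 0; i < n; i++)
        out[i] = gen_next(&g) % range;
}

/* Same seed, same seeding formula: the data set regenerates exactly. */
static int regenerates_exactly(uint32_t seed, seed_fn fill)
{
    uint32_t a[64], b[64];
    make_test_data(a, 64, 1000, seed, fill);
    make_test_data(b, 64, 1000, seed, fill);
    return memcmp(a, b, sizeof a) == 0;
}

/* Same seed, different seeding formula: the core generator is untouched,
 * yet the stream, and any test data keyed on the seed, comes out different. */
static int seeding_change_alters_stream(uint32_t seed)
{
    uint32_t a[64], b[64];
    make_test_data(a, 64, 1000, seed, fill_lcg);
    make_test_data(b, 64, 1000, seed, fill_mod31);
    return memcmp(a, b, sizeof a) != 0;
}

static uint32_t first_output(uint32_t seed, seed_fn fill)
{
    struct gen g;
    gen_init(&g, seed, fill);
    return gen_next(&g);
}

int main(void)
{
    printf("seed 1, LCG fill:   first output %u\n", first_output(1, fill_lcg));
    printf("seed 1, mod31 fill: first output %u\n", first_output(1, fill_mod31));
    printf("same seed and fill regenerates data: %d\n", regenerates_exactly(1, fill_lcg));
    printf("same seed, changed fill, data differs: %d\n", seeding_change_alters_stream(1));
    return 0;
}
```

The practical check this suggests for any platform that changes seeding is the one Terry asks for: record the seed together with the library version that produced a data set, because the seed alone no longer identifies it once the fill changes.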