Date: Mon, 7 Oct 1996 11:27:36 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: ache@nagual.ru (Андрей Чернов)
Cc: hackers@FreeBSD.org, current@FreeBSD.org
Subject: Re: random() fix explanation to avoid misunderstanding
Message-ID: <199610071827.LAA14499@phaeton.artisoft.com>
In-Reply-To: <199610071741.VAA01397@nagual.ru> from "Андрей Чернов" at Oct 7, 96 09:41:19 pm
> At this moment I have seen several misinterpretations of the fix from our
> own people, like "make the random generator better" or "change the random
> distribution", etc.
>
> Here is the correct answer: the fix does NOT change the random generator,
> it fixes a SEEDING bug. Due to this bug the given-states algorithm is
> useless! I.e. it isn't needed at all to have initstate()/setstate()
> things with the initial weak seeding formula, because it breaks all
> following calculations.
>
> The Netscape story is some sort of analogy: the poor random number
> generator there made the following good SSL algorithm useless.

I understand that you are improving the "random" while at the same time
damaging the "pseudo".

I further understand that since the (non-mathematically precise) standard
does not specify the "pseudo", you feel yourself justified in making this
change, since you view the platform as a platform providing ANSI and ISO
standards-compliant interfaces, not necessarily mathematically or
computationally useful interfaces.

However, I *strongly* urge you to make the fact of this change as obvious
(and reversible) as you possibly can.

I cannot stress strongly enough that this type of change, if done casually,
*seriously* impacts the utility of the platform for *real* uses, rather
than simply Computer Science uses. Computer systems are more than just
toys for the people who build them.

There is a vast difference between cryptographic suitability, which relies
on large number theory, and suitability for use in Monte Carlo-based
algorithms for test data generation, which relies more on the fact of
repeatable pseudo-randomness than it does on achieving a cryptographically
"good" point distribution.

Regards,
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or
previous employers.
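The two properties the thread argues about, shown in working code. This is
an added example, not code from either message and not FreeBSD's random.c;
it uses whatever random(3)/srandom(3) the build host's libc provides, so the
concrete numbers differ between glibc, musl and BSD and only the asserted
properties are portable. The "protocol" in it (a 16-bit seed, two public
nonces, one secret) is constructed for illustration and is not any real
protocol; it demonstrates the general point behind the Netscape analogy
(weak seeding makes every later output predictable, however good the
generator is), not the specific FreeBSD seeding bug, which the message does
not detail.

```c
/* Added example, not from the original thread or FreeBSD's random.c.
 *   1. Repeatability: one seed reproduces one sequence, which is what Monte
 *      Carlo and test-data generation depend on (Terry's point).
 *   2. Seeding dominates: if the seed is drawn from a small space, a few
 *      observed outputs let an attacker brute-force the seed and predict
 *      every later output, however good the generator itself is (the
 *      "Netscape story" analogy in the quoted message). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Declared explicitly so the example also builds under a strict -std=c99,
 * where <stdlib.h> hides the POSIX random(3) family. */
long random(void);
void srandom(unsigned seed);

#define NOUT 8

/* Fill out[] with NOUT values from random() after seeding with seed. */
static void draw(unsigned seed, long out[NOUT]) {
    srandom(seed);
    for (int i = 0; i < NOUT; i++)
        out[i] = random();
}

/* Property 1: the same seed gives an identical sequence every time. */
int same_seed_repeats(unsigned seed) {
    long a[NOUT], b[NOUT];
    draw(seed, a);
    draw(seed, b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Property 1, the other direction: a run is reproduced only by recording
 * the seed it started from, because another seed gives another sequence. */
int different_seeds_differ(unsigned s1, unsigned s2) {
    long a[NOUT], b[NOUT];
    draw(s1, a);
    draw(s2, b);
    return memcmp(a, b, sizeof a) != 0;
}

/* Constructed weak-seeding "protocol" (hypothetical, for illustration):
 * seed from a 16-bit value (think of the low bits of a timestamp), publish
 * two outputs as nonces, use the third as the session secret. */
typedef struct { long nonce[2]; long secret; } session_t;

session_t open_session(unsigned seed16) {
    session_t s;
    srandom(seed16 & 0xFFFFu);
    s.nonce[0] = random();
    s.nonce[1] = random();
    s.secret   = random();
    return s;
}

/* Attacker: knows only the two public nonces. Tries every 16-bit seed until
 * the generator reproduces both, then reads off the secret that follows.
 * Matching on two outputs makes a false match over 2^16 candidates
 * negligible. Returns -1 if no seed matches (cannot happen for sessions
 * produced by open_session). */
long recover_secret(const long nonce[2]) {
    for (unsigned seed = 0; seed <= 0xFFFFu; seed++) {
        srandom(seed);
        if (random() == nonce[0] && random() == nonce[1])
            return random();
    }
    return -1;
}

/* 1 if the attack predicts the real secret of a session opened with seed16. */
int attack_succeeds(unsigned seed16) {
    session_t s = open_session(seed16);
    return recover_secret(s.nonce) == s.secret;
}

int main(void) {
    printf("same seed repeats:      %s\n", same_seed_repeats(12345) ? "yes" : "no");
    printf("seeds 1 and 2 differ:   %s\n", different_seeds_differ(1, 2) ? "yes" : "no");
    printf("secret for seed 0xBEEF: %s\n", attack_succeeds(0xBEEF) ? "recovered" : "not recovered");
    return 0;
}
```

The brute force costs at most 65536 re-seedings, well under a second; the
same attack against a 32-bit seed space is 65536 times larger and against a
seed taken from a proper entropy source is infeasible, which is the whole
difference between "seed it from the clock" and cryptographic suitability.
Note that glibc treats srandom(0) as srandom(1), so the attacker may report a
different seed than the one used and still predict the same secret. The
fix under discussion on this page concerns the seeding formula inside
random() rather than the entropy of the seed, but the lesson is the same:
whatever happens at seeding time determines every value the generator emits
afterwards.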