Date:      Tue, 17 Mar 2015 11:46:18 -0700
From:      Steve Kargl <sgk@troutmask.apl.washington.edu>
To:        "Dennis E. Hamilton" <dennis.hamilton@acm.org>
Cc:        freebsd-numerics@FreeBSD.org, 'Pedro Giffuni' <pfg@FreeBSD.org>
Subject:   Re: Random number generators
Message-ID:  <20150317184618.GA24951@troutmask.apl.washington.edu>
In-Reply-To: <00a001d060d7$0077f100$0167d300$@acm.org>
References:  <7CBD7758-9472-4A2E-8065-EC6E68EE8DAB@FreeBSD.org> <20150317060310.GA21975@troutmask.apl.washington.edu> <F6137E2C-FDF2-46B3-BFC2-1975AFA40951@FreeBSD.org> <00a001d060d7$0077f100$0167d300$@acm.org>

On Tue, Mar 17, 2015 at 10:22:51AM -0700, Dennis E. Hamilton wrote:
> 
> If you are serious about crypto grade randomness, libc is probably
> not the answer.  Generally, I don't think reliance on a single
> generator for general purpose use and for cryptographic quality
> is going to work well.  This is a very context-sensitive situation
> and addressing specific threat models against cryptographic PRGs
> is a very different matter from wanting unpredictable and good
> quality pseudo-randoms for simulations and other purposes.
> 

I interpreted Pedro's original email to mean something better
than rand(3) and random(3).  Neither is appropriate for crypto,
and I'm certainly not claiming KISS by GM is suitable for
crypto either.  In fact, others have shown KISS isn't a good
source for crypto (http://eprint.iacr.org/2011/007.pdf).
For crypto randomness, as Pedro stated, use arc4random(3).
kiss(), as I posted here, is good enough to deal cards and
to do Monte Carlo simulations in various fields of physics.

-- 
Steve
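Added worked example, not code from this thread (Steve's own kiss() posting is not reproduced here): the generator below is Marsaglia's 1999 KISS (LCG + xorshift + multiply-with-carry, with his published constants; that choice is an assumption, since the thread does not show which KISS variant was posted). Around it sits what "good enough to deal cards" needs in practice: an unbiased bounded draw by rejection (the same scheme arc4random_uniform(3) uses, so that `r % 52` does not skew the low cards) and a Fisher-Yates shuffle. The `kiss_reproducible` check makes the thread's crypto point concrete: the whole stream is fixed by four 32-bit words of seed, which is exactly what a simulation wants and what a cryptographic caller must not accept; for that case call arc4random(3)/arc4random_uniform(3) instead.

```c
/* Marsaglia's 1999 KISS: x = LCG, y = xorshift, (z, c) = multiply-with-carry.
 * Constants are the ones from his 1999 posting (an assumption for this
 * example; the kiss() posted in the thread is not shown here). */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

struct kiss { uint32_t x, y, z, c; };

static void kiss_seed(struct kiss *k, uint32_t x, uint32_t y, uint32_t z, uint32_t c) {
    k->x = x;
    k->y = y ? y : 362436000u;   /* xorshift is stuck at 0 forever if seeded with 0 */
    k->z = z;
    k->c = c;
}

static uint32_t kiss_next(struct kiss *k) {
    uint64_t t;
    k->x = 69069u * k->x + 12345u;                               /* LCG */
    k->y ^= k->y << 13; k->y ^= k->y >> 17; k->y ^= k->y << 5;   /* xorshift */
    t = 698769069ULL * k->z + k->c;                              /* MWC */
    k->c = (uint32_t)(t >> 32);
    k->z = (uint32_t)t;
    return k->x + k->y + k->z;
}

/* Uniform integer in [0, n): reject raw values below 2^32 mod n so every
 * residue is equally likely. Same idea as OpenBSD's arc4random_uniform(). */
static uint32_t kiss_uniform(struct kiss *k, uint32_t n) {
    uint32_t r, min;
    if (n < 2) return 0;
    min = (uint32_t)(-n) % n;   /* (2^32 - n) mod n == 2^32 mod n */
    do { r = kiss_next(k); } while (r < min);
    return r % n;
}

/* Fill deck[0..n) with 0..n-1 and Fisher-Yates shuffle it. */
static void deal_shuffle(struct kiss *k, int *deck, size_t n) {
    for (size_t i = 0; i < n; i++) deck[i] = (int)i;
    for (size_t i = n - 1; i > 0; i--) {
        size_t j = kiss_uniform(k, (uint32_t)(i + 1));
        int tmp = deck[i]; deck[i] = deck[j]; deck[j] = tmp;
    }
}

/* 1 if deck holds each of 0..n-1 exactly once, else 0. */
static int is_permutation(const int *deck, size_t n) {
    unsigned char *seen = calloc(n, 1);
    int ok = 1;
    if (!seen) return 0;
    for (size_t i = 0; i < n; i++) {
        if (deck[i] < 0 || (size_t)deck[i] >= n || seen[deck[i]]) { ok = 0; break; }
        seen[deck[i]] = 1;
    }
    free(seen);
    return ok;
}

/* Two generators with the same 128-bit seed emit the same stream: fine for
 * a simulation you want to re-run, fatal if the output is a key or nonce. */
static int kiss_reproducible(void) {
    struct kiss a, b;
    kiss_seed(&a, 1u, 2u, 3u, 4u);
    kiss_seed(&b, 1u, 2u, 3u, 4u);
    for (int i = 0; i < 1000; i++)
        if (kiss_next(&a) != kiss_next(&b)) return 0;
    return 1;
}

int main(void) {
    struct kiss k;
    int deck[52];
    kiss_seed(&k, 123456789u, 362436000u, 521288629u, 7654321u);  /* Marsaglia's defaults */
    deal_shuffle(&k, deck, 52);
    for (int i = 0; i < 52; i++) printf("%d%c", deck[i], i == 51 ? '\n' : ' ');
    printf("reproducible from seed: %d\n", kiss_reproducible());
    return 0;
}
```

Seed the four words from something non-constant (time, PID, or a few bytes of arc4random(3)) when each run should differ; keep them fixed when a simulation must be replayable.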



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150317184618.GA24951>