<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">No-one should be using the de facto random package. It is slow and produces surprising results.<br class=""><br class="">I think one of the posters suggested using mwc-random and splitting by using a different seed. Although mwc-random has reasonably good properties, there is no guarantee about how correlated the various streams of random numbers will be. QuickCheck uses tf-random to avoid such problems. There is also a version of SplitMix <a href="https://hackage.haskell.org/package/splitmix" class="">https://hackage.haskell.org/package/splitmix</a> but I don’t think this has been heavily road-tested.<br class=""><br class="">But in this case, cryptographically secure randomness is required so I would follow Thomas’ suggestion.<br class=""><br class="">PS I just noticed my spellchecker changed defacto to defect! Perhaps AI is taking over.<br class=""><br class=""><blockquote type="cite" class="">All,<br class=""><br class="">Interesting library! Here's a link: <a href="http://hackage.haskell.org/package/DRBG-0.5.5/docs/Crypto-Random-DRBG.html" class="">http://hackage.haskell.org/package/DRBG-0.5.5/docs/Crypto-Random-DRBG.html</a><br class=""><br class="">Thomas,<br class=""><br class="">In the linked docs, there's a claim that Hash DRBG is the fastest cryptographically secure RNG on Hackage. Do you have a link to the benchmark results, or perhaps some updated ones? Unlike Viktor, I'm interested in less secure applications, but if the performance is good, it might be worth switching from the defacto random package.<br class=""><br class="">Thanks,<br class="">Jonathan<br class=""><br class="">On October 10, 2017 10:23:14 PM CDT, Thomas DuBuisson <<a href="mailto:thomas.dubuisson@gmail.com" class="">thomas.dubuisson@gmail.com</a>> wrote:<br class=""><blockquote type="cite" class="">The hash drbg from the drbg package should meet your needs.<br class="">Deterministic,<br class="">pure Haskell except the actual hash function.<br class=""><br class="">On Oct 10, 2017 8:13 PM, "Viktor Dukhovni" <<a href="mailto:ietf-dane@dukhovni.org" class="">ietf-dane@dukhovni.org</a>><br class="">wrote:<br class=""><br class=""><blockquote type="cite" class=""><br class=""><blockquote type="cite" class="">On Oct 10, 2017, at 8:48 PM, Kazu Yamamoto (山本和彦) <<a href="mailto:kazu@iij.ad.jp" class="">kazu@iij.ad.jp</a>><br class=""></blockquote>wrote:<br class=""><blockquote type="cite" class=""><br class="">Before the release, I would like to replace the random package<br class=""></blockquote></blockquote>since<br class=""><blockquote type="cite" class=""><blockquote type="cite" class="">it is slow. I'm looking for a random library which is<br class="">- fast<br class="">- thread-safe (good for concurrent use)<br class=""><br class="">Any recommendations?<br class=""></blockquote><br class="">Just to make it more interesting, I should mention that the RNG<br class="">should be not just statistically random, but should in fact be<br class="">crypto random (resist predictability through cryptanalysis when<br class="">properly seeded).<br class=""><br class="">So indeed there are two more issues here:<br class=""><br class="">- Securely seeding the RNG (likely using the OS API for<br class=""> random seeds, and/or the RDSEED/RDRAND instructions on<br class=""> Intel CPUs), IIRC we can that from cryptonite, I hope<br class=""> at a reasonable cost.<br class=""><br class="">- Choosing a suitable DRBG based on the seed. Likely again<br class=""> something from cryptonite.<br class=""><br class="">Some time back I posted to the cryptography list about the<br class="">soundness of relying on RDRAND in cryptonite's RNG (uses<br class="">it instead of /dev/urandom and the like when available).<br class="">The rough consensus IIRC was not rely solely on RDRAND.<br class="">I never went back to write a PR to address that...<br class=""><br class=""><a href="http://www.metzdowd.com/pipermail/cryptography/2016-" class="">http://www.metzdowd.com/pipermail/cryptography/2016-</a><br class="">November/thread.html#30859<br class=""><br class="">--<br class=""> Viktor.</blockquote></blockquote></blockquote><div class="">
<div class="">Dominic Steinitz</div><div class=""><a href="mailto:dominic@steinitz.org" class="">dominic@steinitz.org</a></div><div class=""><a href="http://idontgetoutmuch.wordpress.com" class="">http://idontgetoutmuch.wordpress.com</a></div>
</div>
<br class=""></body></html>