[Haskell-cafe] Re: True Random Numbers
Ertugrul Soeylemez
es at ertes.de
Fri Apr 16 03:33:04 EDT 2010
Yitzchak Gale <gale at sefer.org> wrote:
> Since they weren't mentioned in this thread, I'll point out that there
> are better sources of entropy than /dev/random, /dev/urandom, and the
> Windows API.
>
> For example, the two sites
>
> https://random.org/integers
> https://www.fourmilab.ch/hotbits/secure_generate.html
>
> both offer free random bits via a secure REST interface.
I would prefer /dev/random, /dev/urandom and the Windows API over those
sources. Firstly receiving random strings through the internet is slow
-- too slow for many applications. Also it can fail.
But more importantly you have no control over who generates, watches and
perhaps even intercepts the stream. In many applications randomness is
worth nothing if other people have access to the random data.
The random streams from the two services you mentioned are hardly any
better for any practical purpose than what /dev/*random can provide,
especially if you use an entropyd. If cryptographic strength is
required you can just use the random stream from /dev/*random.
Otherwise I recommend seeding mersenne-random or mwc-random from
/dev/*random and using the PRNG.
Greets,
Ertugrul
--
nightmare = unsafePerformIO (getWrongWife >>= sex)
http://blog.ertes.de/
More information about the Haskell-Cafe
mailing list