[Haskell-cafe] Cryptographically secure random numbers?

Thomas DuBuisson thomas.dubuisson at gmail.com
Sun Oct 5 17:21:47 UTC 2014

I've reviewed a few of the crypto RNGs on my blog:


- DRBG (disclaimer: my package)
Three generators, HMAC, Hash, and CTR.  All standards based and all
using the Crypto.Random class interface from crypto-api.

- cprng-aes
One generator, afaict its an ad hoc creation of the author.

- intel-aes
Another ad hoc creation, but its more straight-forward (AES in counter
mode) and has impressive performance.

> Ideally, I'd like to fulfill as many of these points as possible:
> - Few big/complicated dependencies.

True for threse packages, though my DRBG package does pull in crypto-api.

> - Avoid native C if possible (ditto for non-base dependencies).

Avoid native C or avoid external C libraries?  The DRBG generators
could be paired with Adam's SHA package or Vincent's Haskell AES to
give you a Haskell-only generator, but it will be slower than using
the C implementations of AES or SHA2.  This seems like a rather odd

> - Avoid RDRAND if possible.

That's about the seed and not the generator.  The `entropy` package
now produces data that is an xor of urandom (or Windows cryptapi) and
RDRAND (when available).  RDRAND can be completely disabled by a flag
in the cabal.

I'm not sure what the `crypto-random` package does here, which is the
entropy source typically used by `cprng-aes`, but I'd avoid it just
because its lack of referential transparency.

> - Cross-platform if possible, but the main platform would be Linux.

I think all of these are cross platform and in the past all the
authors have been fairly responsive so send in any issues.


More information about the Haskell-Cafe mailing list