Library_submissions and Call for Maintainers

Thomas DuBuisson thomas.dubuisson at gmail.com
Sun Mar 1 05:30:11 UTC 2015


On Sat, Feb 28, 2015 at 8:39 PM, Edward Kmett <ekmett at gmail.com> wrote:
> * random
>
> We've had some truly excellent work done over the last couple of years on
> how to deal with "splitting" a random number generator in a
> cryptographically sound manner. I spent some time cleaning up a few
> outstanding issues for this package personally over the summer, but have not
> had nearly enough time to devote to the issue of how to integrate the
> outcome of the recent research on splitting, while simultaneously caring
> about performance and soundness.

'random' has been on bad footing for a while in terms of API and
functionality.  I can reproduce my issues if desired, but a core
question seems to be acceptability.  Is tf-random not pleasing to
enough people? Or the splitting is too slow?  I don't currently know
of any users who want high performing _and_ cryptographically sound
generators, though that would be great to have.  I am only currently
aware of cryptographic PRNGs with slow (ish) split times and
statistically decent PRNGs with good split times.

I've had to fix two commercial projects now that had used StdGen so
I'm willing to do significant work getting a PRNG with both properties
if we can quantify the performance requirements.  So far my best
options appear to be tf-random or an 800-90 style CTR DRBG that
computes large buffers resulting in high memory use and decent
_amortized_ performance (including split).

-TomMD
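An added illustration of the "cryptographically sound splitting" design the thread refers to (this is example code, not code from the random or tf-random packages): every generator is a (key, path, counter) triple, output comes from a PRF applied to the path and counter, and split derives two children with domain-separated paths, so no two nodes in the tree ever feed the PRF the same input. HMAC-SHA256 stands in for the keyed block cipher, and the seed value is constructed; both are assumptions.

```python
import hashlib
import hmac


class SplitGen:
    """Purely functional splittable generator keyed by a PRF (example code)."""

    def __init__(self, key: bytes, path: bytes = b"", counter: int = 0):
        self.key = key          # root secret; never changes along a split tree
        self.path = path        # sequence of (split marker, counter, branch bit)
        self.counter = counter  # number of outputs already drawn from this node

    def next_block(self):
        """Return 32 output bytes and the successor generator (self unchanged)."""
        msg = self.path + b"\x00" + self.counter.to_bytes(8, "big")
        out = hmac.new(self.key, msg, hashlib.sha256).digest()  # PRF stand-in
        return out, SplitGen(self.key, self.path, self.counter + 1)

    def split(self):
        """Return two children whose PRF inputs are disjoint from each other and
        from every other node: the split point is recorded in each child's path
        as (marker 0x01, parent counter, branch bit), so splitting after a
        different number of draws yields different children."""
        stem = self.path + b"\x01" + self.counter.to_bytes(8, "big")
        return SplitGen(self.key, stem + b"\x00"), SplitGen(self.key, stem + b"\x01")


def draw(gen, n):
    """Draw n blocks from gen and return them as a list; gen itself is not mutated."""
    blocks = []
    for _ in range(n):
        block, gen = gen.next_block()
        blocks.append(block)
    return blocks


def streams_disjoint(seed: bytes, n: int = 64) -> bool:
    """Sanity property of a sound split: after splitting, the parent's own
    continuation and both children produce pairwise distinct output blocks
    (a collision here would mean two nodes shared a PRF input)."""
    root = SplitGen(seed)
    _, parent = root.next_block()  # consume one value before splitting
    left, right = parent.split()
    seen = draw(parent, n) + draw(left, n) + draw(right, n)
    return len(set(seen)) == 3 * n
```

Because every node only carries the root key plus a short path, a split costs one small allocation rather than a buffer refill, which is the trade-off TomMD contrasts with a buffered CTR DRBG.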

