[Newbies] Re: Tim's Fix for LargeIntger>>AtRandom

Randal L. Schwartz merlyn at stonehenge.com
Tue Aug 5 22:18:41 UTC 2008


>>>>> "Jerome" == Jerome Peace <peace_the_dreamer at yahoo.com> writes:

Jerome> The objection Randal raised is that now it is using too many.
Jerome> That's IMO a red herring.

No, it's not.  Multiple calls to a PRNG generate correlated numbers,
which can be used for an attack.

You need to use a PRNG that in a single call gives enough bits.  And
if you don't know that about PRNGs, you're not the one to be fixing this.

I talked about it in terms of entropy because that's the easiest way to see
that you're not gaining anything except the illusion of gain, which will bite
back some day.  You can't get 112 bits of entropy by calling a 56-bit PRNG
twice.

It's not progress if it breaks it.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
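A concrete version of the entropy point above, added here as an illustration and not code from this thread or from Squeak: a toy 16-bit generator called twice reaches only 2^16 of the 2^32 possible combined values, and its second output is a deterministic function of the first. The generator constants and the helper names are constructed for this demo.

```python
import math

# Toy 16-bit linear congruential generator (constants constructed for this
# demo, not Squeak's Random). The output is the whole state, so one call
# yields 16 bits. The multiplier is odd, so the step is a bijection on the
# 2^16 states: every seed maps to a different first output.
STATE_BITS = 16
MODULUS = 1 << STATE_BITS
MULT, INC = 25173, 13849


def lcg_next(state: int) -> int:
    """Advance the generator one step and return the new 16-bit state."""
    return (MULT * state + INC) % MODULUS


def two_call_value(seed: int) -> int:
    """Build a '32-bit' value the way the criticised fix does: call the
    generator twice and concatenate the outputs."""
    first = lcg_next(seed)
    second = lcg_next(first)  # depends only on `first`, no fresh entropy
    return (first << STATE_BITS) | second


def distinct_two_call_values() -> int:
    """How many different 32-bit values can two calls actually produce?
    Enumerates every possible seed, so the count is exact."""
    return len({two_call_value(seed) for seed in range(MODULUS)})


def effective_entropy_bits() -> float:
    """log2 of the reachable values: the real entropy of the combined number."""
    return math.log2(distinct_two_call_values())


def predict_second_from_first(first: int) -> int:
    """The correlation Randal describes: whoever sees the first output can
    compute the second without knowing the seed."""
    return lcg_next(first)


if __name__ == "__main__":
    print(f"possible 32-bit values : {1 << (2 * STATE_BITS)}")
    print(f"reachable via two calls: {distinct_two_call_values()}")
    print(f"effective entropy      : {effective_entropy_bits():.0f} bits, "
          f"not {2 * STATE_BITS}")
    combined = two_call_value(12345)
    guess = predict_second_from_first(combined >> STATE_BITS)
    print(f"second output predicted: {guess == (combined & (MODULUS - 1))}")
```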