[Squeakfoundation]Two fixes I would like!

Luciano Notarfrancesco squeakfoundation@lists.squeakfoundation.org
Tue, 3 Dec 2002 11:38:05 -0800 (PST)


Hi Cees,

--- Cees de Groot <cg@cdegroot.com> wrote:
> Fixing Random is more involved. Among others, the
> fix uses the sound input as
> a random source, which takes quite a bit of time -
> acceptable for once every
> 100,000 UUID's, not acceptable for general random
> number generation.
> 

Right. Keep in mind that the numbers generated with a
Random are not cryptographicaly secure, and Random was
never intended for use in applications that require a
secure PRNG. That's why I wouldn't care to use a very
good source of randomness for initializing Random.
What we want is to ensure that two running images will
not likely generate the same random numbers, and that
can be done reinitializing the seeds from the
millisecond clock, the current time and date, the
author initials, etc, every time an image is started.

I recently published the Cryptography package
(http://map2.squeakfoundation.org/sm/package/b7129b1c-c301-4af6-ac3d-c624257f060a),
and it includes a RandomPool and a SecureRandom. This
package is still very alpha, but I believe this is the
way to go for real security (which most applications
don't require).

Peace,
Luciano.-

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com