[Squeakfoundation]Two fixes I would like!
Tue, 3 Dec 2002 20:52:46 +0100
Luciano Notarfrancesco <firstname.lastname@example.org> wrote:
> Hi Cees,
> --- Cees de Groot <email@example.com> wrote:
> > Fixing Random is more involved. Among others, the
> > fix uses the sound input as
> > a random source, which takes quite a bit of time -
> > acceptable for once every
> > 100,000 UUID's, not acceptable for general random
> > number generation.
> Right. Keep in mind that the numbers generated with a
> Random are not cryptographicaly secure, and Random was
> never intended for use in applications that require a
> secure PRNG. That's why I wouldn't care to use a very
> good source of randomness for initializing Random.
> What we want is to ensure that two running images will
> not likely generate the same random numbers, and that
> can be done reinitializing the seeds from the
> millisecond clock, the current time and date, the
> author initials, etc, every time an image is started.
> I recently published the Cryptography package
> and it includes a RandomPool and a SecureRandom. This
> package is still very alpha, but I believe this is the
> way to go for real security (which most applications
> don't require).
Ok, then I take it that the fix is OK. Sure, it doesn't repair "Random"
but Random should be fast and have a good class comment explaining its
shortcomings and prehaps refer to the Crypto package.
Thanks for clearing it up.