[Squeakfoundation]Two fixes I would like!
goran.hultgren@bluefish.se
squeakfoundation@lists.squeakfoundation.org
Tue, 3 Dec 2002 20:52:46 +0100
Luciano Notarfrancesco <lnotarfrancesco@yahoo.com> wrote:
> Hi Cees,
>
> --- Cees de Groot <cg@cdegroot.com> wrote:
> > Fixing Random is more involved. Among others, the
> > fix uses the sound input as
> > a random source, which takes quite a bit of time -
> > acceptable for once every
> > 100,000 UUID's, not acceptable for general random
> > number generation.
> >
>
> Right. Keep in mind that the numbers generated with a
> Random are not cryptographicaly secure, and Random was
> never intended for use in applications that require a
> secure PRNG. That's why I wouldn't care to use a very
> good source of randomness for initializing Random.
> What we want is to ensure that two running images will
> not likely generate the same random numbers, and that
> can be done reinitializing the seeds from the
> millisecond clock, the current time and date, the
> author initials, etc, every time an image is started.
>
> I recently published the Cryptography package
> (http://map2.squeakfoundation.org/sm/package/b7129b1c-c301-4af6-ac3d-c624257f060a),
> and it includes a RandomPool and a SecureRandom. This
> package is still very alpha, but I believe this is the
> way to go for real security (which most applications
> don't require).
>
> Peace,
> Luciano.-
Ok, then I take it that the fix is OK. Sure, it doesn't repair "Random"
but Random should be fast and have a good class comment explaining its
shortcomings and prehaps refer to the Crypto package.
Thanks for clearing it up.
regards, Göran