(Hey Rob, long time no Smalltalk!)
I suggest some changes we did in Cuis. First, for Park-Miller you can do a small change to #initialize, insert a hashMultiply somewhere when initializing the seed. I did experiments in Cuis, drawing histograms to see if it looks like a uniform distribution, and ended up doing something like seed _ (Time millisecondClockValue + self identityHash) hashMultiply \ m
Another issue with Random that we addressed in Cuis is related to the bit size of each output. Random>>nextValue returns Floats with 31 random bits (or 30). It doesn't return a uniformly distributed Float between 0 and 1 (some Float values don't have a chance to be output). Similarly, Random>>nextInt: n will not really return an integer between 1 and n if n is large enough, for example (1 << 64) atRandom returns always odd integers (not very random uh).
So I suggest to think of Random as a generator of random "bits" or "blocks of bits", and to generate a Float it should actually build it from 52 randomly generated bits (to fill out the mantissa), and nextInt: n should also be implemented from random bits (or chunks of bits).
On Wed, May 18, 2016 at 11:25 PM, Robert Withers <robert.w.withers@gmail.com
wrote:
Thanks for cc-ing me. I don't have much exposure to random, so I am cc-ing the Cryptography list, in hopes they might help. This doesn't very random, you're right. Here were Peter's questions:
My questions:
- do we really want to have global fixed seed?
- Random new should actually setup a usable seed so I don't need to first
run it N times before I can use the value 3) Should we switch to what UUIDGenerator is using… reading /dev/urandom for the initial seed setup?
Rob
On 05/18/2016 07:05 PM, Peter Uhnák wrote:
Hi,
(cc-ing Robert Withers as he seems to be working with cryptography and security... as this seems related and may have some implications, but I am likely wrong about the implications)
yesterday I've encountered a very surprising behavior
I executed the same script `10 atRandom` on the same image without saving it and got the same output:
while true; do pharo-vm --nodisplay latest.image --no-default-preferences eval '10 atRandom' done 10 10 10 10 10 10
Not so random… not random at all.
Apparently the default random generator uses SharedRandom pool, that is initialized only once… so every time you start an image you get the EXACT same random seed... I think this is stupid, and I am not sure what are the security implications of this (e.g. when opening an SSL connection… having fixed world-wide initial seed seems like an awful, awful idea), but whatever…
So instead I tried to explicitly specify the Random generator… which I can do
while true; do pharo-vm --nodisplay latest.image --no-default-preferences eval '10 atRandom: Random new' done 5 5 5 5 5
Still not random… what?
while true; do pharo-vm --nodisplay latest.image --no-default-preferences eval 'Random new instVarNamed: #seed' done 426306047 426305545 426305546 426306010
So the seed is different but thanks to the magic of masking the seed, I always get the same first several bits… thus the same result for small numbers.
So if I actually want what seems like a random value… I have to at least once run the generator…
while true; do pharo-vm --nodisplay latest.image --no-default-preferences eval '10 atRandom: (Random new next; yourself)' done 7 3 4 9 6 7
Once I start to use it the properties of the algo kick in so it's pseudo-random… but I need to run it once to initialize it, which is wtf.
My questions:
- do we really want to have global fixed seed?
- Random new should actually setup a usable seed so I don't need to first
run it N times before I can use the value 3) Should we switch to what UUIDGenerator is using… reading /dev/urandom for the initial seed setup?
Peter
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography