Xiangrong Fang wrote on Fri, 14 Aug 2015:

2015-08-14 21:47 GMT+08:00 Jonas Maebe <jonas.ma...@elis.ugent.be>:

No PRNG is suited for that purpose, because every PRNG is by definition
predictable and you need unpredictable numbers for IVs.

Well, practically, how can I get totally unpredictable numbers?

By using /dev/urandom

Without introducing a hardware source like a dongle or other devices (which is
not acceptable for my purpose), I suppose good quality PRNGs are the only
thing that I can use?

No, you cannot use PRNGs for this purpose at all.

Also, why are FPC random numbers not comparable to /dev/urandom?  Despite
the difference in their quality and speed (if any), what's the difference
between them? Especially, what are the typical use cases of these 2 PRNGs
when they were designed?

/dev/urandom is not a PRNG. It returns "real" random numbers and its use case is for security-sensitive purposes (how reliable it is at generating true random data, is a completely separate issue). The use case for a PRNG like FPC's is in games, simulations and the like.

Again: all PRNGs are of the absolutely worst possible quality when the goal is security, because no matter how good they are at bit swizzling and regardless of how large their state is, they are 100% predictable.


Jonas
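As an added illustration of the point made in this reply (example code, not from the thread or from the FPC project): the first function shows that an "IV" produced by FPC's Random is fully determined by RandSeed and so repeats whenever the seed repeats, while the second reads the IV bytes from /dev/urandom and fails hard on a short read. It assumes a Linux or other Unix-like system where /dev/urandom exists.

```pascal
program IvSource;
{$mode objfpc}{$H+}
uses
  SysUtils, Classes;

type
  TIV = array[0..15] of Byte;   // 128-bit IV, e.g. for a CBC-mode block cipher

// "IV" from FPC's Random: whoever knows (or guesses) the seed knows the IV.
function IvFromRandom(Seed: Cardinal): TIV;
var
  i: Integer;
begin
  RandSeed := Seed;
  for i := 0 to High(Result) do
    Result[i] := Random(256);
end;

// IV from the kernel's /dev/urandom (assumes a Unix-like OS).
// ReadBuffer raises EReadError if fewer than SizeOf(Result) bytes arrive,
// so a truncated read can never silently yield a partly-zero IV.
function IvFromUrandom: TIV;
var
  f: TFileStream;
begin
  f := TFileStream.Create('/dev/urandom', fmOpenRead or fmShareDenyNone);
  try
    f.ReadBuffer(Result, SizeOf(Result));
  finally
    f.Free;
  end;
end;

function HexOf(const iv: TIV): string;
var
  i: Integer;
begin
  Result := '';
  for i := 0 to High(iv) do
    Result := Result + IntToHex(iv[i], 2);
end;

begin
  // Same seed twice -> identical output twice: the PRNG is predictable.
  WriteLn('Random, seed 12345: ', HexOf(IvFromRandom(12345)));
  WriteLn('Random, seed 12345: ', HexOf(IvFromRandom(12345)));
  // Two reads from /dev/urandom: no seed to know, no sequence to reproduce.
  WriteLn('/dev/urandom:       ', HexOf(IvFromUrandom));
  WriteLn('/dev/urandom:       ', HexOf(IvFromUrandom));
end.
```

Build with `fpc IvSource.pas`; the two Random lines print the same hex string, the two /dev/urandom lines differ.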

_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
