On 06/12/2015 03:15 AM, Michael Titke wrote:
> In my understanding the pseudo random number generator is deterministic.
> That means for the same input seed /random/ will always return the same
> value. This is why one usually has to set a new state for each call of
> random.
If you're generating randomness for cryptographic purposes, e.g. generation of passwords, you should ABSOLUTELY NOT use Racket's (random). The built-in random number generator is not a cryptographically strong PRNG. Instead, simply read the desired number of bits from /dev/urandom. Do not use (random) at all.

> In the current implementation I get a one-byte value from the entropy
> pool via the device "/dev/urandom". One byte has 256 possibilities. Now
> that already is true randomness but I have to map it onto a character
> set of 65 possible output characters.

The correct way to choose at random from 65 distinct possibilities using /dev/urandom is:

1. read one byte
2. mask it with #b1111111, the smallest one-less-than-power-of-two larger than the range. (This optimization step is optional.)
3. if the result is greater than or equal to 65, then loop back to step 1.
4. otherwise, the result will have been drawn uniformly at random from the range 0-64 inclusive.

> But to be able to use true randomness with Racket's random

Racket's (random) will *never* produce randomness usable in a cryptographic application.

Cheers,
Tony
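The four-step rejection-sampling procedure above, written out in Racket as an added example (this is not code from the original thread or from the Racket distribution). The 65-character alphabet, the function names and the error-checking are assumptions made for illustration; the mask is derived from the range size in general rather than hard-coded to #b1111111, so the same routine works for any range up to 256. The last function only exists to show why plain (modulo b 65) is not a substitute: it counts how many of the 256 byte values land on each output and the counts come out unequal.

```racket
#lang racket/base

;; Read n bytes straight from the kernel entropy pool.
;; Assumed: a Unix-like host where /dev/urandom exists.
(define (urandom-bytes n)
  (call-with-input-file "/dev/urandom"
    (lambda (in) (read-bytes n in))
    #:mode 'binary))

(define (random-byte)
  (bytes-ref (urandom-bytes 1) 0))

;; Uniform integer in [0, n) for 1 <= n <= 256, by rejection sampling:
;;   1. read one byte
;;   2. mask it down to the smallest 2^k - 1 that covers n - 1
;;   3. if the masked value is >= n, throw it away and go to 1
;;   4. otherwise it is uniform on [0, n)
;; The mask is only an optimisation (fewer rejections); correctness comes
;; from the retry in step 3.
(define (uniform-below n)
  (unless (and (exact-positive-integer? n) (<= n 256))
    (raise-argument-error 'uniform-below "integer in [1, 256]" n))
  (define mask (sub1 (expt 2 (integer-length (sub1 n)))))   ; n=65 -> 127 = #b1111111
  (let loop ()
    (define r (bitwise-and (random-byte) mask))
    (if (< r n) r (loop))))

;; Assumed 65-character alphabet: 26 + 26 + 10 + "-", "_", "=".
(define alphabet
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_=")

;; Password of `len` characters, each drawn uniformly from `alphabet`
;; via /dev/urandom. Never touches (random).
(define (random-password len)
  (define n (string-length alphabet))
  (build-string len (lambda (_) (string-ref alphabet (uniform-below n)))))

;; Why not (modulo (random-byte) n)? Count how many of the 256 possible
;; bytes map to each output value. Unless n divides 256 the counts differ,
;; so some characters are more likely than others.
(define (modulo-bucket-counts n)
  (define counts (make-vector n 0))
  (for ([b (in-range 256)])
    (define i (modulo b n))
    (vector-set! counts i (add1 (vector-ref counts i))))
  counts)

(module+ main
  (printf "password: ~a~n" (random-password 16))
  (printf "modulo-65 bucket sizes: ~a~n" (modulo-bucket-counts 65)))
```

Run with `racket thisfile.rkt`. Each call to uniform-below expects roughly 128/65 byte reads on average for n = 65; the loop has no fixed upper bound, which is inherent to rejection sampling and harmless here because /dev/urandom never runs dry. Reading one byte per call is simple but opens the device each time; for bulk generation read a larger buffer once and consume it byte by byte with the same mask-and-retry logic.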