[fpc-pascal] quality of FPC random
Mark Morgan Lloyd
markMLl.fpc-pascal at telemetry.co.uk
Mon Aug 17 10:53:26 CEST 2015

Michael Schnell wrote:
> On 08/14/2015 04:38 PM, Mark Morgan Lloyd wrote:
>>
>> It seeds itself with "entropy" from the intervals between LAN packets,
>> intervals between typed characters and so on.
>>
> Unfortunately "Randomize" (in Linux in "System") just does
>
> randseed:=longint(Fptime(nil));
>
> if it would use /dev/urandom, the rand() would be as unpredictable as
> /dev/urandom unless you fetch more than some 2 Gig numbers
>
> But I suppose you can set randseed in user code, as well, if you want to.

I agree, with the caveat that if you read /dev/urandom you can't be sure
that there's enough accumulated entropy to give you a good seed, while
if you read /dev/random it will block for an indeterminate time- neither
of which are desirable behaviours in startup code. A compromise is for a
program to wait until it knows it's generated enough entropy (LAN
accesses or whatever), and at that point to reseed its random number
generator, and that obviously suggests leaving the existing code unchanged.

In the past, I've seen people who should have known better caught by
Turbo Pascal's inadequate random number generator, and there's still
people trying to undo some of the damage caused by RANDU. These days,
there's very little excuse for anybody "skilled in the art" to not
understand that the random number facility in most languages' default
libraries is not crypto grade, and that it is barely adequate for
academic-grade simulations.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
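
An added example, not part of the original post and not FPC RTL code: one way to do the late reseed discussed in this thread, keeping `Randomize` at startup and replacing `RandSeed` from /dev/urandom later. `ReseedFromUrandom` is a hypothetical helper name; Linux with the `BaseUnix` unit is assumed.

```pascal
program LateReseed;
{$mode objfpc}{$H+}

uses
  BaseUnix;

{ Hypothetical helper, not an RTL routine. Reads SizeOf(RandSeed) bytes from
  /dev/urandom and installs them as the seed. On any failure the existing
  seed is left untouched and False is returned. }
function ReseedFromUrandom: Boolean;
var
  Buf: array[0..SizeOf(RandSeed) - 1] of Byte;
  Fd: cint;
  Got, N: TsSize;
begin
  Result := False;
  Fd := FpOpen('/dev/urandom', O_RDONLY);
  if Fd < 0 then
    Exit;                       { no device: caller keeps the old seed }
  Got := 0;
  while Got < SizeOf(Buf) do
  begin
    N := FpRead(Fd, Buf[Got], SizeOf(Buf) - Got);
    if N > 0 then
      Inc(Got, N)               { short read: loop for the remainder }
    else if (N = 0) or (fpGetErrno <> ESysEINTR) then
      Break;                    { EOF or a real error: give up }
  end;
  FpClose(Fd);
  if Got = SizeOf(Buf) then
  begin
    { Move avoids depending on whether RandSeed is LongInt or Cardinal. }
    Move(Buf, RandSeed, SizeOf(Buf));
    Result := True;
  end;
end;

begin
  Randomize;  { startup: the existing time-based seed, never blocks }
  WriteLn('startup draw:  ', Random(1000000));
  { ... later, once the program has been running for a while ... }
  if ReseedFromUrandom then
    WriteLn('reseeded draw: ', Random(1000000))
  else
    WriteLn('reseed failed, still on the time-based seed');
end.
```

This only makes the seed harder to guess than a timestamp; `Random` itself stays a non-crypto generator, so key material should be read from the kernel directly rather than drawn from it.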