[fpc-pascal] quality of FPC random

Jonas Maebe jonas.maebe at elis.ugent.be
Fri Aug 14 16:41:03 CEST 2015


Xiangrong Fang wrote on Fri, 14 Aug 2015:

> 2015-08-14 21:47 GMT+08:00 Jonas Maebe <jonas.maebe at elis.ugent.be>:
>
>> No PRNG is suited for that purpose, because every PRNG is by definition
>> predictable and you need unpredictable numbers for IVs.
>
> ​Well, practically, how can I get totally unpredictable numbers?

By using /dev/urandom

> Without introduce hardware source like a dongle or other devices (which is
> not acceptable for my purpose), I suppose good quality PRNGs​ are the only
> thing that I can use?

No, you cannot use PRNGs for this purpose at all.

> ​Also, why FPC random number are not comparable to /dev/urandom?  Despite
> the difference in their quality and speed (if any), what's the difference
> between them? especially, what are the typical use cases of these 2 PRNGs
> when they are designed?​

/dev/urandom is not a PRNG. It returns "real" random numbers and its  
use case is for security-sensitive purposes (how reliable it is at  
generating true random data, is a completely separate issue). The use  
case for a PRNG like FPC's is in games, simulations and the like.

Again: all PRNG's are of the absolutely worst possible quality when  
the goal is security, because no matter how good they are at bit  
swizzling and regardless of how large their state is, they are 100%  
predictable.


Jonas




More information about the fpc-pascal mailing list