[fpc-pascal] quality of FPC random

Mark Morgan Lloyd markMLl.fpc-pascal at telemetry.co.uk
Mon Aug 17 10:53:26 CEST 2015

Michael Schnell wrote:
> On 08/14/2015 04:38 PM, Mark Morgan Lloyd wrote:
>> It seeds itself with "entropy" from the intervals between LAN packets, 
>> intervals between typed characters and so on.
> Unfortunately "Randomize" (in Linux in "System") just does
> randseed:=longint(Fptime(nil));
> if it would use /dev/urandom, the rand() would be as unpredictable as 
> /dev/urandom unless you fetch more more than some 2 Gig numbers
> But I suppose you can set randseed in user code, as well, if you want to.

I agree, with the caveat that if you read /dev/urandom you can't be sure 
that there's enough accumulated entropy to give you a good seed, while 
if you read /dev/random it will block for an indeterminate time- neither 
of which are desirable behaviours in startup code. A compromise is for a 
program to wait until it knows it's generated enough entropy (LAN 
accesses or whatever), and at that point to reseed its random number 
generator, and that obviously suggests leaving the existing code unchanged.

In the past, I've seen people who should have known better caught by 
Turbo Pascal's inadequate random number generator, and there's still 
people trying to undo some of the damage caused by RANDU. These days, 
there's very little excuse for anybody "skilled in the art" to not 
understand that the random number facility in most languages' default 
libraries is not crypto grade, and that it is barely adequate for 
academic-grade simulations.

Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

More information about the fpc-pascal mailing list