On 04/05/14 19:42, Nick Sabalausky via Digitalmars-d wrote:
Just a string of random bits. Effectively unsigned integers.
Ahh, OK. So in practice you can probably template it on an unsigned integral type (which could include bool) and it'll just take the appropriate number of bits from the stream, no ... ? Cf. what I did with /dev/urandom etc.:
https://github.com/WebDrake/std.random2/blob/master/std/random2/device.d#L122
It's all based on SHA hashes (of seeds, internal state, and some other stuff) and it doesn't explicitly exclude any output values. So if SHA is working as expected, then yea, I'd imagine it should be a closed interval over [0, 2^numBitsRequested - 1] where "numBitsRequested" is permitted by the spec to be any positive integer.
Yea, sounds right to me.
This is the part I've been a little unclear on, although maybe I'm just being paranoid about it. Doesn't a uniform distribution carry certain reliable statistical properties? I don't know whether that could be used to improve the likelihood of guessing future values. If so, then maybe the algorithm is designed to avoid that? Then again, wouldn't the only alternative to uniform distribution be a weighted distribution? I can't imagine an RNG intended for crypto would be deliberately weighted (unless maybe there were some randomness to the weights...if that even makes any sense at all). Maybe I'm just overthinking it?
Probably :-) Let's put it this way: if you think in terms of the individual bits being generated, there obviously has to be, from the point of view of the user of the algorithm, no way to decide which bit value is more likely, which corresponds to a uniform distribution of individual bit values. And that in turn will map to a uniform distribution of bit sequences of any length.
