On 5/4/2014 2:10 PM, Joseph Rushton Wakeling via Digitalmars-d wrote:
> On 04/05/14 19:42, Nick Sabalausky via Digitalmars-d wrote:
>> Just a string of random bits. Effectively unsigned integers.
>
> Ahh, OK. So in practice you can probably template it on an unsigned
> integral type (which could include bool) and it'll just take the
> appropriate number of bits from the stream, no ... ? Cf. what I did
> with /dev/urandom etc.:
> https://github.com/WebDrake/std.random2/blob/master/std/random2/device.d#L122

Well, Hash_DRBG isn't really a normal stream since, based on my reading
of its spec, it sounds like (for example) requesting one byte four times
will give a different result than requesting four bytes all at once
(assuming you're starting from the same internal state and there's no
reseeding).

But aside from that minor detail, yes, that's essentially correct. And
much like /dev/(u)random, you could even make the number of bytes/bits
requested a per-call runtime parameter (although that would diverge from
the existing std.random interfaces and would require either allocating
or taking an output sink, so I don't know whether I'll bother).

>> Then again, wouldn't the only alternative to uniform distribution be a
>> weighted distribution? I can't imagine an RNG intended for crypto would
>> be deliberately weighted (unless maybe there were some randomness to the
>> weights...if that even makes any sense at all).
>>
>> Maybe I'm just overthinking it?
>
> Probably :-) Let's put it this way: if you think in terms of the
> individual bits being generated, there obviously has to be, from the
> point of view of the user of the algorithm, no way to decide which bit
> value is more likely, which corresponds to a uniform distribution of
> individual bit values. And that in turn will map to a uniform
> distribution of bit sequences of any length.

Yea. Plus, this doc about testing these crypto PRNGs...
http://csrc.nist.gov/groups/ST/toolkit/rng/documents/SP800-22rev1a.pdf
...does mention the importance of "uniformity".

So I think it's probably safe to figure this is a uniform distribution
unless some expert chimes in and says otherwise.

Thanks for the help.
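The "one byte four times vs. four bytes at once" behaviour described in the message above, as an added example that is not code from the thread or from std.random2: a minimal Hash_DRBG over SHA-256 that follows the Hash_df, Hashgen and state-update steps of SP 800-90A with no reseeding and no additional input. The seed bytes are constructed for the demonstration, and the class omits the reseed-interval and request-size limits the spec requires.

```python
import hashlib

SEEDLEN = 55  # 440 bits, the seedlen SP 800-90A assigns to Hash_DRBG with SHA-256
MOD = 1 << (SEEDLEN * 8)


def _hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_df(material: bytes, nbytes: int) -> bytes:
    """Hash_df: concatenate Hash(counter || bit_length || material) until enough output."""
    out, counter = b"", 1
    while len(out) < nbytes:
        out += _hash(bytes([counter]) + (nbytes * 8).to_bytes(4, "big") + material)
        counter += 1
    return out[:nbytes]


class HashDRBG:
    """Toy Hash_DRBG: instantiate, Hashgen, and the post-generate V update only."""

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        self.V = hash_df(entropy + nonce + personalization, SEEDLEN)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def _hashgen(self, nbytes: int) -> bytes:
        # Output blocks are Hash(V), Hash(V+1), ... ; V itself is not modified here.
        data, out = int.from_bytes(self.V, "big"), b""
        while len(out) < nbytes:
            out += _hash(data.to_bytes(SEEDLEN, "big"))
            data = (data + 1) % MOD
        return out[:nbytes]

    def generate(self, nbytes: int) -> bytes:
        out = self._hashgen(nbytes)
        # State update after every request: V = (V + H + C + reseed_counter) mod 2^seedlen.
        h = int.from_bytes(_hash(b"\x03" + self.V), "big")
        v = (int.from_bytes(self.V, "big") + h + int.from_bytes(self.C, "big") + self.reseed_counter) % MOD
        self.V = v.to_bytes(SEEDLEN, "big")
        self.reseed_counter += 1
        return out


def compare_request_sizes(seed: bytes):
    """Two identically seeded instances: 4 x 1-byte requests vs. one 4-byte request."""
    one_by_one = b"".join(HashDRBG(seed).generate(1) for _ in range(1))  # placeholder, replaced below
    a, b = HashDRBG(seed), HashDRBG(seed)
    one_by_one = b"".join(a.generate(1) for _ in range(4))
    all_at_once = b.generate(4)
    return one_by_one, all_at_once
```

Because the state update runs after each request, only the first byte of the two outputs agrees; the remaining three come from different V values.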