>Peter Bortas wrote:
>>o The random(), random_string() and random_seed() might be more random
>
>>  On computers with a hardware pseudo random generator random() can
>>  return significantly more random numbers, however, this means that
>>  random_seed is a no-op on those machines.
>
>That would mean that it becomes impossible to generate an identical
>random stream using the same random_seed between different runs or
>between different architectures.
>
>I'd say it would be prudent to switch to a predictable
>pseudo-random-sequence as soon as someone has called random_seed() with
>a non-zero parameter. If random_seed() is not being called, then
>it does not matter, and faster and more random is better.
>
With the cryptographic work that has happened over the past year or two, I think the road ahead should be to just use /dev/random for random()/random_string() for a slow but secure random source, and deprecate random_seed(). If you have any additional requirements like predictable or fast you need to explicitly pick that. I have made a few drafts of this already, but there needs to be an interface class implemented in C to access the _random lfun.