unpredictableSeed

Johannes Pfau nospam at example.com
Sun Mar 3 01:06:37 PST 2013


Am Sun, 03 Mar 2013 09:58:41 +0100
schrieb "Ivan Kazmenko" <gassa at mail.ru>:

> > Can anyone advise on the theoretical basis for the 
> > unpredictableSeed method in std.random?  I've tried googling 
> > around for the theory of good thread-safe seed generation 
> > methods but haven't really found anything. :-(
> 
> I have to ask: what would be a good unpredictableSeed by 
> definition?  With the current implementation, three downsides 
> come to my mind:
> 
> 1. Process ID, thread ID and system tick are insecure sources of 
> randomness and can provide just a few bits of randomness in 
> certain situations.  I don't know how to address this in a 
> portable way.
> 
> 2. Once we know the first seed, it is easy to predict all 
> subsequent seeds.  A solution would be to use a secure RNG 
> instead, not just the one which gives away its state.
> 
> 3. It would be a particularly bad idea to initialize MinstdRand0 
> instances with consecutive unpredictableSeeds and then consider 
> them independent.  This is just a consequence of a particular 
> choice of RNG on the previous step.
> 
> So, which of these do you consider the real problems, and what 
> more do you need from unpredictableSeed?
> 
> -----
> Ivan Kazmenko.

Maybe it would make sense to use /dev/random where available? (The
problem is that /dev/random can block. On small embedded systems
without monitor/mouse/keyboard this can happen easily.)
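The /dev/random suggestion above, as an added C example that is not part of std.random or of either poster's code: it opens /dev/random with O_NONBLOCK so a starved entropy pool cannot stall the caller and tops up from /dev/urandom, and it also illustrates Ivan's point 2 with the MINSTD recurrence behind MinstdRand0, whose state is its output. The function names, the fallback policy and the self-test helpers are this example's own choices, not an API of std.random.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Read exactly n bytes from fd, retrying on EINTR and short reads.
 * Returns n on success, the count obtained so far if the descriptor
 * reported EAGAIN (non-blocking and nothing more available right now),
 * or -1 on EOF or any other error. */
static ssize_t read_exact(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, p + got, n - got);
        if (r > 0) { got += (size_t)r; continue; }
        if (r == 0) return -1;
        if (errno == EINTR) continue;
        if (errno == EAGAIN || errno == EWOULDBLOCK) return (ssize_t)got;
        return -1;
    }
    return (ssize_t)got;
}

/* Fill out[0..n) with seed material from the kernel.  /dev/random is
 * opened O_NONBLOCK so an empty pool (the embedded-system case) cannot
 * block; whatever it does not deliver immediately is taken from
 * /dev/urandom, which never blocks.  *source names the path taken.
 * Returns 0 on success, -1 if no device could be read. */
static int os_seed_bytes(void *out, size_t n, const char **source)
{
    unsigned char *p = out;
    size_t have = 0;
    ssize_t r;
    int fd;

    *source = "none";
    fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd >= 0) {
        r = read_exact(fd, p, n);
        close(fd);
        if (r == (ssize_t)n) { *source = "/dev/random"; return 0; }
        if (r > 0) have = (size_t)r;
    }
    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    r = read_exact(fd, p + have, n - have);
    close(fd);
    if (r != (ssize_t)(n - have)) return -1;
    *source = have ? "/dev/random then /dev/urandom" : "/dev/urandom";
    return 0;
}

/* MINSTD (Park-Miller) step, the recurrence behind MinstdRand0:
 * x' = 16807 * x mod (2^31 - 1).  The state is the output, so anyone
 * who observes one value can compute every later one (Ivan's point 2). */
static uint32_t minstd0_next(uint32_t x)
{
    return (uint32_t)((16807ULL * x) % 2147483647ULL);
}

/* Self-check of read_exact's EAGAIN handling: a non-blocking pipe holds
 * only 3 bytes while 8 are requested.  Returns the bytes obtained (3). */
static ssize_t selftest_read_exact(void)
{
    int fds[2];
    unsigned char buf[8];
    ssize_t r;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], "abc", 3) != 3) return -1;
    if (fcntl(fds[0], F_SETFL, O_NONBLOCK) != 0) return -1;
    r = read_exact(fds[0], buf, sizeof buf);
    close(fds[0]);
    close(fds[1]);
    return r;
}

/* Returns 1 if os_seed_bytes succeeds, or if this host has no
 * /dev/urandom at all so the device path cannot be exercised. */
static int selftest_os_seed(void)
{
    unsigned char buf[16];
    const char *src;
    if (access("/dev/urandom", R_OK) != 0) return 1;
    return os_seed_bytes(buf, sizeof buf, &src) == 0;
}

int main(void)
{
    uint32_t seed = 0, observed;
    const char *src;
    if (os_seed_bytes(&seed, sizeof seed, &src) != 0) {
        fprintf(stderr, "no entropy device available\n");
        return 1;
    }
    printf("seed 0x%08x from %s\n", seed, src);
    /* If seeds were handed out by an LCG, one leaked value gives the next. */
    observed = minstd0_next(seed % 2147483646u + 1u);
    printf("a MinstdRand0-style seed source would follow 0x%08x with 0x%08x\n",
           observed, minstd0_next(observed));
    return 0;
}
```

Two caveats on the fallback: on Linux since kernel 5.6, /dev/random no longer blocks once the pool has been initialised, so the O_NONBLOCK dance only matters on older kernels and early at boot; and where getrandom(2) exists it is the cleaner interface, since it cannot fail for lack of file descriptors or a chroot without /dev.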


More information about the Digitalmars-d-learn mailing list