unpredictableSeed

Jerome BENOIT g6299304p at rezozer.net
Sun Mar 3 01:44:33 PST 2013



On 03/03/13 10:06, Johannes Pfau wrote:
> On Sun, 03 Mar 2013 09:58:41 +0100,
> "Ivan Kazmenko" <gassa at mail.ru> wrote:
>
>>> Can anyone advise on the theoretical basis for the
>>> unpredictableSeed method in std.random?  I've tried googling
>>> around for the theory of good thread-safe seed generation
>>> methods but haven't really found anything. :-(
>>
>> I have to ask: what would be a good unpredictableSeed by
>> definition?  With the current implementation, three downsides
>> come to my mind:
>>
>> 1. Process ID, thread ID and system tick are insecure sources of
>> randomness and can provide just a few bits of randomness in
>> certain situations.  I don't know how to address this in a
>> portable way.
>>
>> 2. Once we know the first seed, it is easy to predict all
>> subsequent seeds.  A solution would be to use a secure RNG
>> instead, not just the one which gives away its state.
>>
>> 3. It would be a particularly bad idea to initialize MinstdRand0
>> instances with consecutive unpredictableSeeds and then consider
>> them independent.  This is just a consequence of a particular
>> choice of RNG on the previous step.
>>
>> So, which of these do you consider the real problems, and what
>> more do you need from unpredictableSeed?
>>
>> -----
>> Ivan Kazmenko.
>
> Maybe it would make sense to use /dev/random where available? (The
> problem is that /dev/random can block. On small embedded systems
> without monitor/mice/keyboard this can happen easily)

/dev/urandom can be used if /dev/random blocks;
the available entropy can be used as a criterion:
/proc/sys/kernel/random/entropy_avail

A long while ago I wrote a piece of C code to do so, and to read
from a dedicated environment variable in order to reproduce the
generated sequences if necessary (mainly for debugging).
I use it intensively for numerical experiments and it works very well.

Jerome
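
The approach described in the message above, written out as an added example (it is not the poster's code and was not part of the thread): choose the device from entropy_avail, and let an environment variable override the seed for replay. The variable name RNG_SEED and the 128-bit threshold are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define ENTROPY_FILE "/proc/sys/kernel/random/entropy_avail"
#define SEED_ENV "RNG_SEED"      /* hypothetical variable name */
#define MIN_ENTROPY_BITS 128     /* assumed threshold, not from the thread */

/* Kernel entropy estimate in bits, or -1 if the file cannot be read. */
long entropy_avail(const char *path) {
    long bits = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    if (fscanf(f, "%ld", &bits) != 1) bits = -1;
    fclose(f);
    return bits;
}

/* Use the blocking device only when the estimate says it will not block. */
const char *pick_source(long bits, long min_bits) {
    return bits >= min_bits ? "/dev/random" : "/dev/urandom";
}

/* override: value of the replay variable (may be NULL). Returns 0 on success. */
int get_seed(const char *override, unsigned long *seed, int *from_env) {
    *from_env = 0;
    if (override && *override) {
        char *end;
        errno = 0;
        unsigned long v = strtoul(override, &end, 0);
        if (errno != 0 || end == override || *end != '\0')
            return -1;           /* malformed override: fail, do not ignore */
        *seed = v;
        *from_env = 1;
        return 0;
    }
    FILE *f = fopen(pick_source(entropy_avail(ENTROPY_FILE), MIN_ENTROPY_BITS), "rb");
    if (!f) return -1;
    setvbuf(f, NULL, _IONBF, 0); /* read only sizeof(seed) bytes from the pool */
    size_t n = fread(seed, sizeof *seed, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void) {
    unsigned long seed; int from_env;
    if (get_seed(getenv(SEED_ENV), &seed, &from_env) != 0) return 1;
    /* Debugging aid only: a seed that is logged or replayed is not secret. */
    fprintf(stderr, "seed=%lu (%s)\n", seed, from_env ? "env" : "kernel");
    return 0;
}
```

The replay path suits numerical experiments and debugging; a seed taken from the environment or written to a log should not feed anything that needs unpredictability.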



