isUniformRNG
Joseph Rushton Wakeling via Digitalmars-d
digitalmars-d at puremagic.com
Sun May 4 11:10:44 PDT 2014
On 04/05/14 19:42, Nick Sabalausky via Digitalmars-d wrote:
> Just a string of random bits. Effectively unsigned integers.
Ahh, OK. So in practice you can probably template it on an unsigned integral
type (which could include bool) and it'll just take the appropriate number of
bits from the stream, no ... ? Cf. what I did with /dev/urandom etc.:
https://github.com/WebDrake/std.random2/blob/master/std/random2/device.d#L122
> It's all based on SHA hashes (of seeds, internal state, and some other stuff)
> and it doesn't explicitly exclude any output values. So if SHA is working as
> expected, then yea, I'd imagine it should be a closed interval over [0,
> 2^numBitsRequested - 1] where "numBitsRequested" is permitted by the spec to be
> any positive integer.
Yea, sounds right to me.
> This is the part I've been a little unclear on, although maybe I'm just being
> paranoid about it. Doesn't a uniform distribution carry certain reliable
> statistical properties? I don't know whether that could be used to improve the
> likelihood of guessing future values. If so, then maybe the algorithm is
> designed to avoid that?
>
> Then again, wouldn't the only alternative to uniform distribution be a weighted
> distribution? I can't imagine an RNG intended for crypto would be deliberately
> weighted (unless maybe there were some randomness to the weights...if that even
> makes any sense at all).
>
> Maybe I'm just overthinking it?
Probably :-) Let's put it this way: if you think in terms of the individual
bits being generated, there obviously has to be, from the point of view of the
user of the algorithm, no way to decide which bit value is more likely, which
corresponds to a uniform distribution of individual bit values. And that in
turn will map to a uniform distribution of bit sequences of any length.
More information about the Digitalmars-d
mailing list