Of the use of unpredictableSeed

Nick Sabalausky (Abscissa) via Digitalmars-d digitalmars-d at puremagic.com
Sun Mar 5 20:43:22 PST 2017


On 03/05/2017 07:25 PM, H. S. Teoh via Digitalmars-d wrote:
> On Sun, Mar 05, 2017 at 10:30:29AM -0500, Andrei Alexandrescu via Digitalmars-d wrote:
> [...]
>> Another good thing pointed by the article would be to use the Mersenne
>> twister for unpredictableSeed, which would make it difficult to infer
>> the sequence from a few samples. Please share if that would be a good
>> thing to do.
> [...]
>
> Wait, isn't that missing the point?
>
> I thought the whole point of the article was that you shouldn't be using
> unpredictableSeed as your PRNG.  It's only supposed to give a
> random-enough value to get your chosen PRNG into a (hopefully)
> unpredictable initial state. But you should be using values from the
> PRNG, not from unpredictableSeed!  Otherwise that's totally missing the
> point.
>
> It's possible to use unpredictableSeed for occasionally reseeding your
> PRNG, but that should be quite infrequent.  If you find yourself
> reseeding your PRNG every other minute, or worse, every time you call
> your PRNG, then you're doing something very, very wrong.
>
> Using the Mersenne twister to generate unpredictableSeed seems to me to
> be completely backwards.  It should be the other way round: the value of
> unpredictableSeed should be random enough to be suitable for seeding a
> Mersenne twister algorithm, so that it will start off the algorithm in a
> random initial state (and you should be getting values from the
> algorithm thereafter, not from unpredictableSeed).

Well, the big point is that nothing involving seeds should come near 
anything security-related. Then secondly, (like you say) don't use any 
initial-seed-getter *as* an RNG.

But that aside, *if*[1] we do want to increase the entropy in 
unpredictableSeed, we should use /dev/(u)random and _RtlGenRandom. Like 
you say, anything less is kinda missing the point (unless someone can 
argue the current one is insufficient for non-security randomization).

[1] And I'm not sure we necessarily do want to. Current 
unpredictableSeed seems good enough as-is for non-security purposes, and 
we don't want to give people more reason to erroneously think it's ok to 
use unpredictableSeed for salts, tokens and the like.
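The pattern the thread is describing, written out as an added example (this is not code from the thread or from Phobos itself; it assumes a D compiler with the Phobos `std.random` and `std.stdio` modules, and the `SimRng` and `osRandomBytes` names are my own): `unpredictableSeed` is read exactly once to put the Mersenne Twister into a starting state, every subsequent value comes from the generator, and anything security-sensitive bypasses `std.random` entirely and reads the OS source the reply names. The OS read is POSIX-only here; on Windows the corresponding source mentioned above is `RtlGenRandom`.

```d
// Added example, not from the thread: seed once from unpredictableSeed,
// draw all non-security values from the PRNG, and take security-sensitive
// bytes from the OS instead.
import std.random : Mt19937, unpredictableSeed, uniform;
import std.stdio : File, write, writeln, writefln;

/// Non-security randomness (dice, shuffles, simulations): one seed, many draws.
struct SimRng
{
    private Mt19937 gen;

    /// Seed once. unpredictableSeed is only the starting state, never the output.
    static SimRng create()
    {
        SimRng r;
        r.gen.seed(unpredictableSeed);
        return r;
    }

    /// Every value comes from the generator, not from unpredictableSeed.
    int roll(int sides)
    {
        return uniform!"[]"(1, sides, gen);
    }
}

/// Salts, tokens and similar: read from the OS CSPRNG, never from std.random.
/// POSIX-only (assumption); the thread names RtlGenRandom for Windows.
ubyte[] osRandomBytes(size_t n)
{
    auto buf = new ubyte[n];
    auto f = File("/dev/urandom", "rb");
    auto got = f.rawRead(buf);
    assert(got.length == n, "short read from /dev/urandom");
    return got;
}

void main()
{
    auto rng = SimRng.create();

    // Ten rolls, all taken from the PRNG stream: the intended use.
    foreach (i; 0 .. 10)
        write(rng.roll(6), " ");
    writeln();

    // The anti-pattern the thread warns about would be calling
    // unpredictableSeed once per value, turning the seed getter into the
    // generator; it is deliberately not done here.

    // Token material comes from the OS source, not from std.random at all.
    writefln("%(%02x%)", osRandomBytes(16));
}
```

The split between `SimRng` and `osRandomBytes` is the point: the PRNG side is fine for gameplay or sampling but has no business producing anything an attacker could benefit from predicting, and keeping the two behind differently named functions makes a misuse easy to spot in review.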


