std.random suggestions
Mindy (0xEAB)
desisma at heidel.beer
Thu Apr 23 13:37:25 UTC 2026
On Monday, 22 September 2025 at 09:43:20 UTC, Denis Feklushkin
wrote:
>>> At system level, there might be multiple options available —
>>> depending on factors like the OS version (like Linux kernels
>>> older than the `getrandom` syscall, or Windows that has two
>>> crypto APIs where the supported parameters have also changed
>>> over time) or the runtime environment (think of chroots
>>> without `/dev/`).
>
> Forgot to add: these options should not be selected
> automatically based on some heuristics. Because we know exactly
> the minimum level of quality of random numbers that we are
> willing to agree to.
`std.internal.entropy` has no low quality options.
Also, these heuristics are less “heuristic” than you might think.
The quality issues stem from certain shenanigans found in
`unpredictableSeed` (and only that API!).
The main reason for the security warning is the lack of a proper
audit by a cryptographer.
More information about the Digitalmars-d
mailing list