To those writing programming language benchmarks: Stop benchmarking rand(). You are hurting security by penalizing default CSPRNG use.
-
-
csPRNGs are seedable...
-
If the seed API takes a 32- or 64-bit input, it's not a csPRNG because there are only 2^32 or 2^64 possible sequences.
-
You can feed a csPRNG with as few bits as you like. It won't be secure if you seed it that way, but this has no impact on unseeded use (or seeding with a wider seed).
-
In the best-known example (C), the only seeding API takes an unsigned int (basically always 32-bit or less), and if it's not called, the default seed of 1 is mandated.
-
Yeah, I guess C rand() is impossible to really secure. (I originally wrote Math.random() in there... maybe I should have kept it that way) :)