[Python-ideas] Should our default random number generator be secure?
Robert Kern
robert.kern at gmail.com
Thu Sep 10 19:41:39 CEST 2015
On 2015-09-10 04:56, Nathaniel Smith wrote:
> On Wed, Sep 9, 2015 at 8:35 PM, Tim Peters <tim.peters at gmail.com> wrote:
>> There are some clean and easy approaches to this based on
>> crypto-inspired schemes, but giving up crypto strength for speed. If
>> you haven't read it, this paper is delightful:
>>
>> http://www.thesalmons.org/john/random123/papers/random123sc11.pdf
>
> It really is! As AES acceleration instructions become more common
> (they're now standard IIUC on x86, x86-64, and even recent ARM?), even
> just using AES in CTR mode becomes pretty compelling -- it's fast,
> deterministic, provably equidistributed, *and* cryptographically
> secure enough for many purposes.
I'll also recommend the PCG paper (and algorithm) as the author's cross-PRNG
comparisons have been bandied about in this thread already. The paper lays out a
lot of the relevant issues and balances the various qualities that are
important: statistical quality, speed, and security (of various flavors).
http://www.pcg-random.org/paper.html
I'm actually not that impressed with Random123. The core idea is nice and clean,
but the implementation is hideously complex.
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
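The counter-mode construction Tim and Nathaniel are discussing above (a keyed block function applied to a counter, as in Random123 or AES-CTR) is easy to make concrete against Python's own `random.Random` subclassing hooks. The following is an added example, not code from the thread, from Random123 or from CPython. Because the standard library has no AES, HMAC-SHA256 stands in as the keyed function; the class name `CounterHMACRandom` and the `seek()` and `stream()` methods are names invented here. What carries over from the AES-CTR discussion is the shape of the generator: deterministic replay from a seed, O(1) jump-ahead by setting the counter, and independent streams from one key. What does not carry over is the "provably equidistributed" claim: that proof relies on the block cipher being a permutation of its block, and HMAC is not a bijection.

```python
"""Counter-based PRNG exposed through the random.Random API (added example).

Block i of stream s is HMAC-SHA256(key, s || i), sliced into four 64-bit
words. HMAC stands in for AES-CTR here only because the stdlib has no AES;
the counter-mode structure is the point, not the choice of PRF.
"""
import hashlib
import hmac
import os
import random
import struct

_WORD_BITS = 64        # each 32-byte HMAC output is sliced into four 64-bit words


class CounterHMACRandom(random.Random):
    """Overrides the hooks random.Random documents for subclasses:
    seed(), random(), getrandbits(), getstate(), setstate()."""

    def __init__(self, seed=None):
        self._stream = 0
        super().__init__(seed)      # calls self.seed(seed), then sets gauss_next

    def seed(self, a=None, version=2):
        # Accept the seed types random.seed() accepts, then hash them to a
        # fixed-size key so the generator state never depends on seed length.
        if a is None:
            material = os.urandom(32)
        elif isinstance(a, int):
            material = a.to_bytes(max(1, (a.bit_length() + 8) // 8), "little", signed=True)
        elif isinstance(a, str):
            material = a.encode("utf-8")
        elif isinstance(a, (bytes, bytearray)):
            material = bytes(a)
        else:
            raise TypeError("seed must be None, int, str, bytes, or bytearray")
        self._key = hashlib.sha256(b"ctr-hmac-prng-v1|" + material).digest()
        self._counter = 0          # index of the next block to generate
        self._buffer = []          # words of the current block not yet consumed
        self.gauss_next = None

    def _next_block(self):
        # The only varying PRF input is (stream_id, counter). That is the whole
        # trick of counter mode, and the reason seeking costs nothing.
        msg = struct.pack("<QQ", self._stream, self._counter)
        self._counter += 1
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        return list(reversed(struct.unpack("<4Q", digest)))   # pop() yields words in order

    def _next_word(self):
        if not self._buffer:
            self._buffer = self._next_block()
        return self._buffer.pop()

    def getrandbits(self, k):
        if k < 0:
            raise ValueError("number of bits must be non-negative")
        value, have = 0, 0
        while have < k:
            value = (value << _WORD_BITS) | self._next_word()
            have += _WORD_BITS
        return value >> (have - k)

    def random(self):
        # 53 random bits scaled into [0, 1): the same convention CPython's MT uses
        return self.getrandbits(53) * (1.0 / (1 << 53))

    def getstate(self):
        return (self._key, self._stream, self._counter, tuple(self._buffer), self.gauss_next)

    def setstate(self, state):
        self._key, self._stream, self._counter, buf, self.gauss_next = state
        self._buffer = list(buf)

    # Two operations a Mersenne Twister cannot offer cheaply:
    def seek(self, block_index):
        """Jump to an absolute block position in O(1)."""
        self._counter = block_index
        self._buffer = []

    def stream(self, stream_id):
        """Independent sub-stream sharing this generator's key (e.g. one per worker)."""
        other = type(self)(0)
        other._key, other._stream = self._key, stream_id
        other._counter, other._buffer = 0, []
        return other


def same_sequence(seed, n=8):
    """Replay check: two generators built from one seed agree word for word."""
    a, b = CounterHMACRandom(seed), CounterHMACRandom(seed)
    return [a.getrandbits(64) for _ in range(n)] == [b.getrandbits(64) for _ in range(n)]


def seek_matches_drawing(seed, blocks=5):
    """Drawing `blocks` whole blocks lands exactly where seek(blocks) lands."""
    slow, fast = CounterHMACRandom(seed), CounterHMACRandom(seed)
    for _ in range(blocks * 4):     # four 64-bit words per block
        slow.getrandbits(64)
    fast.seek(blocks)
    return slow.getrandbits(64) == fast.getrandbits(64)


if __name__ == "__main__":
    g = CounterHMACRandom(b"thread-demo")
    print(g.random(), g.randrange(100), g.choice("abc"))
    print(same_sequence(42), seek_matches_drawing(42))
```

Because `getrandbits()` is overridden, `randrange()`, `choice()` and `shuffle()` draw from the counter stream too; `random.Random` picks its `_randbelow` implementation from that override. Swapping the HMAC call for a real AES block encryption of the counter (with a library that provides it) would turn this into the AES-CTR generator Nathaniel describes, at which point the per-cycle equidistribution argument applies because each 128-bit block value then appears exactly once per counter period.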