
Re: [Cryptography] Finding Nemo's random seed

On 09/06/2017 07:10 AM, Henry Baker wrote:

> Two words: functional programming.
> Another two words: no sympathy.

They deserve *some* sympathy.  Everybody has learning experiences, and
learning experiences are often painful.  But if they have the same
learning experience again, they deserve no sympathy whatsoever.

There's almost always a library call that specifies a pseudo-random
stream - that the same sequence will be generated from the same input.
It is almost never guaranteed stable.  They don't specify what
generator, they don't give the parameters, and they don't give test
vectors.  In subsequent versions, in different environments, with
different sets of DLLs or shared objects, they can fulfill what the
library documentation promises by giving you a *different* sequence
that's repeatable in *that* environment.

If you need stable repeatable sequences, e.g., for documents that may be
read elsewhere or later or by a different version, or even by the same
version as compiled in a different build configuration, it's just plain
dumb to rely on a library call unless they specifically promise
stability. Otherwise version-stable PRNG sequences are
application-specific, and the PRNG has to be part of the application
source code.


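An added example, not from this thread or any project it mentions, of what "the PRNG has to be part of the application source code" looks like in practice: Marsaglia's xorshift32 written out in full, with the output derivation and a set of test vectors pinned in the same file, so the sequence depends on nothing outside the application. Class and function names are my own.

```python
# Added example (not from the thread): an application-owned PRNG with
# pinned test vectors. Algorithm: Marsaglia's xorshift32 (shifts 13,17,5),
# written out in full so the sequence depends only on this source file,
# never on which runtime or library version happens to be installed.
from typing import List

MASK32 = 0xFFFFFFFF

class XorShift32:
    """Fully specified 32-bit xorshift generator; state must be non-zero."""

    def __init__(self, seed: int) -> None:
        seed &= MASK32
        if seed == 0:
            raise ValueError("xorshift32 state must be non-zero")
        self.state = seed

    def next_u32(self) -> int:
        x = self.state
        x ^= (x << 13) & MASK32
        x ^= x >> 17
        x ^= (x << 5) & MASK32
        self.state = x
        return x

    def next_below(self, bound: int) -> int:
        # Uniform in [0, bound) by rejection: the derivation from raw words is
        # pinned too, not left to a library's own int-from-bits method.
        if not 0 < bound <= 2 ** 32:
            raise ValueError("bound out of range")
        limit = (2 ** 32 // bound) * bound  # largest multiple of bound <= 2**32
        while True:
            r = self.next_u32()
            if r < limit:
                return r % bound

def sequence(seed: int, n: int) -> List[int]:
    gen = XorShift32(seed)
    return [gen.next_u32() for _ in range(n)]

# Test vectors pinned in the source (seed 1 -> first three outputs). A build
# whose self_check() fails must not ship: files it wrote would not round-trip.
TEST_VECTORS = {1: [270369, 67634689, 2647435461]}

def self_check() -> bool:
    return all(sequence(s, len(v)) == v for s, v in TEST_VECTORS.items())
```

Run self_check() at startup or in CI; a generator change that is not accompanied by updated vectors and a format-version bump is then caught before it corrupts anyone's documents.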

The cryptography mailing list
cryptography AT metzdowd.com