lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On 5/5/2018 12:08 PM, Albert Chan wrote:
Reading Vigna latest xoshiro paper (section 11, conclusion),
next version of Lua will use xoshiro256** for math.random.

Is it true ?
Lua 5.4 ?

IMHO, math.random is similar in purpose to C standard library's random function. It's pseudo-random, that's about it. It does not promise any quality specifications.

Are there serious flaws that disqualifies the current implementation from this purpose?

Is there a requirement for cryptographic-quality randomness? Is that a good idea? For what applications? If for crypto/security, is it normal for a base programming language library to embrace such capabilities? Shouldn't we use well-established libraries instead? If we crunch crypto in pure Lua, wouldn't a timing attack be easy?

I just don't see the point of this topic going on and on and on.

Kein-Hong Man (esq.)
Selangor, Malaysia