- Subject: Re: new PRNG's
- From: Roberto Ierusalimschy <roberto@...>
- Date: Mon, 7 May 2018 10:19:39 -0300
> Absent such flaws, one or more PRNGs qualifies, and one would
> presumably be chosen at the pleasure of Team Lua. A focus on the
> output quality in terms of crypto randomness tests may extend too
> far into quality concerns that are not specified by math.random. A
> pursuit of the 'bestest' implementation by the community here is
> laudable, but it seems a little like a pursuit of perfection that
> can be grasped only fleetingly.
>
> What is the perfect choice for today may change in the future.
> Security research will progress and a few years down the line, who
> knows what may turn up. Weak keys, exploits, better algos, etc.
>
> (Many things that need really high-quality random numbers may not
> need PRNGs that much these days. E.g. about all IoT chips with
> crypto hardware will feature a true random number generator.)

The problem seems to be that you are viewing the base case as
xorshift128plus, while we see the base case as 'rand'/'random'.
What is present today in the latest release of Lua is 'rand'/'random',
not xorshift128plus. xorshift128plus went only into a working version.
If we see the base case as 'rand'/'random', which is what Lua
programmers have now, I guess we agree that it is a good idea to
change. If we are going to change, and there are competing options 1 and
2 where 2 is slightly better than 1, why change to 1?
-- Roberto