lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On 5/7/2018 9:19 PM, Roberto Ierusalimschy wrote:
Absent such flaws, one or more PRNGs qualifies, and one would
presumably be chosen at the pleasure of Team Lua. A focus on the
output quality in terms of crypto randomness tests may extend too
far into quality concerns that is not specified by math.random. A
pursuit of the 'bestest' implementation by the community here is
laudable, but it seems a little like a pursuit of perfection that
can be grasped only fleetingly.

What is the perfect choice for today may change in the future.
Security research will progress and a few years down the line, who
knows what may turn up. Weak keys, exploits, better algos, etc.

(Many things that need really high-quality random numbers may not
need PRNGs that much these days. E.g. about all IoT chips with
crypto hardware will feature a true random number generator.)

The problem seems to be that you are viewing the base case as
xorshift128plus, while we see the base case as 'rand'/'random'.

What is present today in the latest release of Lua is 'rand'/'random',
not xorshift128plus. xorshift128plus went only into a working version.
If we see the base case as 'rand'/'random', which is what Lua
programmers have now, I guess we agree that it is a good idea to
change. If we are going to change, and there are competing options 1 and
2 where 2 is slightly better than 1, why to change to 1?

There is no problem, only a minor impedance matching issue in communications. All is good. :-) :-P


--
Cheers,
Kein-Hong Man (esq.)
Selangor, Malaysia