[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: new PRNG's
- From: Dirk Laurie <dirk.laurie@...>
- Date: Sat, 5 May 2018 11:12:22 +0200
2018-05-05 9:23 GMT+02:00 KHMan <firstname.lastname@example.org>:
> On 5/5/2018 12:08 PM, Albert Chan wrote:
>> Reading Vigna latest xoshiro paper (section 11, conclusion),
>> next version of Lua will use xoshiro256** for math.random.
>> Is it true ?
>> Lua 5.4 ?
> IMHO, math.random is similar in purpose to C standard library's random
> function. It's pseudo-random, that's about it. It does not promise any
> quality specifications.
> Are there serious flaws that disqualifies the current implementation from
> this purpose?
> Is there a requirement for cryptographic-quality randomness? Is that a good
> idea? For what applications? If for crypto/security, is it normal for a base
> programming language library to embrace such capabilities? Shouldn't we use
> well-established libraries instead? If we crunch crypto in pure Lua,
> wouldn't a timing attack be easy?
> I just don't see the point of this topic going on and on and on.
A language whose standard math library has been stripped of functions
available on any scientific calculator (viz. asinh, acosh, atanh) dare
make no pretence of up-to-the minute standards for mathematical