create-random-string revisited
Ron Garret
ron at flownet.com
Sun Oct 27 23:06:44 UTC 2013
Whether or not ironclad is necessary, or even acceptable, really depends on what your requirements are. The best pseudo-random number generator in the world might be completely unacceptable in a crypto application if you don't seed it with enough entropy. Likewise, a quantum-mechanical source of true randomness might be completely unacceptable for a monte-carlo simulation if the bandwidth isn't high enough.
On Oct 27, 2013, at 3:16 PM, Bill St. Clair wrote:
> Seems like a mighty big hammer for something that for most of us will be a few READ-BYTEs from /dev/urandom. Windows is harder than that (calls to a couple of foreign functions in the advapi32 library), but still nowhere near as much as all of Ironclad.
>
> Bill
>
>
> On Sat, Oct 26, 2013 at 2:09 PM, Hans Hübner <hans.huebner at gmail.com> wrote:
> I think a dependency on ironclad would be okay. If anyone has a different opinion, please speak up.
>
> -Hans
>
>
> 2013/10/26 Sabra Crolleton <sabra.crolleton at gmail.com>
> Quite awhile ago I proposed strengthening create-random-string with something that required cl-ssl as a dependency and it was correctly pointed out that some implementations do not play well with cl-ssl. Would using the strong-random function from ironclad be acceptable? E.g.
>
> (defun create-random-string (&optional (n 10) (base 16))
>
>
>
>
>
> "Creates a random string using ironclad's strong-random function with base BASE and N digits"
> (setf crypto:*prng* (crypto:make-prng :fortuna))
>
>
>
>
>
> (subseq (with-output-to-string (s)
>
> (loop for i to n do
>
> (format s "~VR" base
> (ironclad:strong-random 100000000000))))
>
>
>
>
>
> 0 n))
>
>
> Sabra
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20131027/b1df16c8/attachment.html>
More information about the Tbnl-devel
mailing list