
*Mersenne Twister is not a cryptographic PRNG*
Hm, you're right. I didn't realize that it could be predicted after so few values. I'll re-work that part to use /dev/urandom or RtlGenRandom directly when they're available.
On systems where they're *not* available, is there a better choice of generator, given an (unpredictable) user-supplied seed value?
*All the Boost.Random generators are linear and therefore insecure. Can you just use boost::random_device instead of writing your own wrapper?*
I could use that instead of /dev/urandom and RtlGenRandom, but then the library wouldn't compile on systems where boost::random_device isn't available. My goal was to make something that would work regardless of whether such a device was available, and leave it up to the person using the library whether they want to continue when it isn't. So again, given that it's going to be less secure, is there a better choice than the Mersenne Twister for systems where no random device is available?

--
Chad Nelson
Oak Circle Software, Inc.
* * *
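The "use /dev/urandom or RtlGenRandom directly and let the caller decide when neither exists" approach from the reply above, as an added C++ example that is not code from this thread or from the library being discussed. The function names `read_device`, `os_random_bytes` and `os_random_vector` are my own, and the Windows branch assumes the documented `SystemFunction036` export of advapi32.dll.

```cpp
// Added example, not code from the thread or from Boost: take bytes from
// the OS CSPRNG (/dev/urandom on POSIX, RtlGenRandom on Windows) and report
// failure so the caller decides whether to continue with a weaker generator.
#include <cstddef>
#include <cstdio>
#include <vector>

#if defined(_WIN32)
#include <windows.h>
// RtlGenRandom is exported from advapi32.dll under the name SystemFunction036.
extern "C" BOOLEAN NTAPI SystemFunction036(PVOID buffer, ULONG length);
#else
// POSIX: read exactly 'len' bytes from a device file. A missing device or a
// short read is reported as failure rather than papered over.
bool read_device(const char* path, unsigned char* out, std::size_t len) {
    std::FILE* f = std::fopen(path, "rb");
    if (!f) return false;
    std::size_t got = std::fread(out, 1, len, f);
    std::fclose(f);
    return got == len;
}
#endif

// Fill 'out' with 'len' bytes from the OS entropy source. Returns false when
// no source is available; the library never silently substitutes a PRNG.
bool os_random_bytes(unsigned char* out, std::size_t len) {
#if defined(_WIN32)
    return SystemFunction036(out, static_cast<ULONG>(len)) != 0;
#else
    return read_device("/dev/urandom", out, len);
#endif
}

// Convenience wrapper: an empty vector signals that no OS source was usable.
std::vector<unsigned char> os_random_vector(std::size_t len) {
    std::vector<unsigned char> buf(len);
    if (!os_random_bytes(buf.data(), len)) buf.clear();
    return buf;
}

int main() {
    std::vector<unsigned char> seed = os_random_vector(32);
    if (seed.empty()) {
        std::fprintf(stderr, "no OS random source; refusing to fall back silently\n");
        return 1;
    }
    for (unsigned char b : seed) std::printf("%02x", b);
    std::printf("\n");
    return 0;
}
```

The empty-vector failure signal is the hook where a library can ask its user whether a weaker, user-seeded generator is acceptable instead of choosing for them.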