
So again, given that it's going to be less secure, is there a better choice than the Mersenne Twister for systems where no random device is available?
Why not simply accept a Boost.Random (P)RNG, so the users can decide how random they want it to be? If you provide something that you expect will be used for security, it's a *feature* for it to fail when there's no CRNG available.
I started answering this by defending my current design, on the argument that it's easier to use than one that requires the user to know about random number generators himself. But after thinking about it, I *could* provide a plug-in interface to whatever RNG the user wants to use, and simply default to a less secure (but always available) RNG. That should satisfy all camps -- those who need cryptographically-secure RNGs can plug them in, and those who don't care can use the default RNG and never worry about it. I'll put that on the to-do list for the next iteration.

--
Chad Nelson
Oak Circle Software, Inc.
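The plug-in design discussed in this thread, sketched as an added example (not code from the message or from the library under discussion): the caller passes any standard-style engine, a secure engine fails closed when no OS random device exists, and a one-argument overload falls back to a Mersenne Twister. The names `random_bytes` and `os_random_engine` are hypothetical, and the secure engine assumes a POSIX system exposing `/dev/urandom`.

```cpp
#include <chrono>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <random>
#include <stdexcept>
#include <vector>

// Engine backed by the OS random device. Fails closed: construction throws
// when the device is missing instead of silently degrading to a weaker source.
// Assumption: POSIX system with /dev/urandom.
class os_random_engine {
public:
    using result_type = std::uint32_t;
    explicit os_random_engine(const char* path = "/dev/urandom")
        : f_(std::fopen(path, "rb")) {
        if (!f_) throw std::runtime_error("no OS random device available");
    }
    os_random_engine(const os_random_engine&) = delete;
    os_random_engine& operator=(const os_random_engine&) = delete;
    ~os_random_engine() { std::fclose(f_); }
    static constexpr result_type min() { return 0; }
    static constexpr result_type max() { return std::numeric_limits<result_type>::max(); }
    result_type operator()() {
        result_type v;
        if (std::fread(&v, sizeof v, 1, f_) != 1)
            throw std::runtime_error("short read from OS random device");
        return v;
    }
private:
    std::FILE* f_;
};

// Hypothetical library entry point: the caller decides how random the bytes are
// by choosing the engine (std::mt19937, a Boost.Random engine, os_random_engine).
template <class Engine>
std::vector<std::uint8_t> random_bytes(std::size_t n, Engine& eng) {
    std::uniform_int_distribution<unsigned> byte(0, 255);
    std::vector<std::uint8_t> out(n);
    for (auto& b : out) b = static_cast<std::uint8_t>(byte(eng));
    return out;
}

// Default overload: always available, clock-seeded Mersenne Twister.
// Predictable, so NOT suitable for keys, nonces or tokens.
inline std::vector<std::uint8_t> random_bytes(std::size_t n) {
    static std::mt19937 fallback(static_cast<std::mt19937::result_type>(
        std::chrono::steady_clock::now().time_since_epoch().count()));
    return random_bytes(n, fallback);
}
```

Code that needs security constructs `os_random_engine` itself and lets the exception propagate; only callers that do not care use the one-argument overload.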