-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Steven Watanabe said:
All the Boost.Random generators are linear and therefore insecure. Can you just use boost::random_device instead of writing your own wrapper?
You didn't mention that boost::random_device is only available for Linux and BSD. As I didn't realize this until I had redesigned XInt's system to use it and was updating the documentation, it was an unpleasant surprise. Like it or not, most people still run Windows, and will for the foreseeable future. And since all versions of Windows since XP *do* provide a cryptographically-secure random number generator, there's no valid reason that XInt shouldn't support it. (There may be a reason why Boost.Random shouldn't, since the device isn't available on older versions of Windows, and the specification for boost::random_device explicitly says that it should only be defined on systems that provide such a device. Although Linux didn't provide it until kernel version 1.3.30 either, only seven years before XP was released.) However, I've redesigned XInt's random number system. It will now work with any of the Boost.Random-supplied generators (including random_device where available). I also added a strong_random_generator class, similar to random_device but which also works for Windows. It still defaults to a Mersenne Twister seeded with the time if no generator is provided, but that's a deliberate feature, not a bug. :-) These will be in the second iteration, which I'll post within the week if all goes well. - -- Chad Nelson Oak Circle Software, Inc. * * * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuuoAcACgkQp9x9jeZ9/wQiOQCdHBVaLbGRRCQu+OwP5hRSuB/e b/sAnjKkm67fkdUr1lLjJjisbmERg4jQ =yh2i -----END PGP SIGNATURE-----