Java developers should at least use SecureRandom that comes as part of the JDK libraries. If you are interested in using different PRNGs, check out the high quality Colt library at http://hoschek.home.cern.ch/hoschek/colt/ --Jeff Jeff Williams jeff.williamsat_private Aspect Security, Inc. www.aspectsecurity.com ----- Original Message ----- From: Skip Carter To: secprogat_private Sent: Wednesday, December 04, 2002 1:39 PM Subject: Re: Secure random ID generation >> Not all systems have a /dev/random. > secure, portale (ie userland) entropy gathering daemons exist. however, > most languages have some form of a PRNG. its a lot easier than trying to > write your own. Unfortunately, NO language specifies the algorithm to be used for the PRNG in its libraries. For any but the most trivial purposes you should supply an external generator. Rolling your own, in the sense of making something up and implementing it is also a bad idea. The proper thing to do is to use a library that provides, or implement, a standard algorithm that has been tested thouroughly and reviewed to be appropriate for your application. Also there is no universally appropriate PRNG, different applications have different demands. (see: http://www.taygeta.com/random/example.html for an example of things going wrong with an unsuitable PRNG in stochastic calculus). -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skipat_private 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940
This archive was generated by hypermail 2b30 : Wed Dec 04 2002 - 13:41:05 PST