Re: RNG Test: Code to generate Diehard file in Euphoria
On Thu, 17 Feb 2000, Everett Williams wrote:
> Robert Craig wrote:
>
> >Joel H. Crook writes:
> >
> >> Maybe RDS might like to weigh in and state the
> >> source and/or type of RNG that is coded into Euphoria.
> >
> >I got the algorithm from a paper that was published about
> >10 years ago. The algorithm is public domain, and was
> >claimed to have better randomness than most other algorithms
> >of that time. Since some users depend on this algorithm
> >for encrypting their data, I'd rather not make the details public.
> >
> >If you find any defects or shortcomings in rand() please
> >let me know exactly what they are. So far all I've heard
> >is "good for most purposes" or "doesn't measure up well
> >on some of the (completely unspecified) tests".
>
> If you would like to see the homepage of the Diehard test and download the
> DOS version that I and several others have been using, you can go to this URL
>
> http://stat.fsu.edu/~geo/diehard.html
>
> It appears to be legit.
>
> I can't see why publishing the source for your rand() would have any effect on
> the encrypters since you have provided a method to change the key. If the
> randomness is reasonable, knowing the code will give very little leverage to
> anyone. As I have noted in other posts, rand() appears to do quite well. Using
> #FFFF for a range and an atom to store into appears to produce a full 32 bit
> range.
>
> Everett L.(Rett) Williams
> rett at gvtc.com
>
Aye, I agree. On top of this, the opensource community has two
key phrases: 'release early, release often', and (the relevant one)
'security through obscurity isn't'. If procedural knowledge can give
someone an edge, then there's something wrong with the system. Think about
it, programs respond, passwords don't.
|
Not Categorized, Please Help
|
|
