[erlang-questions] Multi-precision math, random number generator entropy, various other questions

Robert Virding <>
Mon Jun 1 02:29:33 CEST 2009


Hi Greg,

2009/5/31 Greg Perry <>

> I am not a crypto expert, but it seems to me that just choosing a strong
> random seed value is insufficient -- the heart of the problem is that the
> RNG algorithm is simply not designed to generate cryptographically strong
> random numbers. If you want strong random number generation use the crypto
> module -- it pulls from /dev/urandom and various other entropy sources via
> OpenSSL.


I can most definitely say that the RNG algorithm in the module random does
not generate cryptographically sound random numbers. It is a perfectly
reasonable RNG for simulations and things like that but not for serious
cryptography. Unfortunately the documentation does not mention this.

Robert


More information about the erlang-questions mailing list