[erlang-questions] Yaws security alert - Yaws 1.93
Kenji Rikitake
kenji.rikitake@REDACTED
Sun Jun 24 05:25:31 CEST 2012
FYI:
* Mersenne Twister PRNGs are NOT cryptographically safe either, although
the random number generation period is much much longer (approx. 2^43
on AS183, (2^19937) - 1 for SFMT) and the state space is far less
easier to be exploited.
* sfmt-erlang is now runable on non-NIF environment (though it's slow)
* I've been working on a lightweight variant of MT called TinyMT (period:
(2^127) - 1, internal state: 28 bytes), including compatibility
functions to the random module, and is capable of generating ~2^58
different RNG streams. It's at
https://github.com/jj1bdx/tinymt-erlang
++> Tuncer Ayaz <tuncer.ayaz@REDACTED> [2012-06-21 12:47:46 +0200]:
> It should probably be replaced with Kenji's sfmt-erlang or an
> implementation of (C)MWC.
>
> https://groups.google.com/group/comp.soft-sys.math.mathematica/msg/95a94c3b2aa5f077
Kenji Rikitake
More information about the erlang-questions
mailing list