[erlang-questions] Yaws security alert - Yaws 1.93

Kenji Rikitake <>
Sun Jun 24 05:25:31 CEST 2012


FYI:

* Mersenne Twister PRNGs are NOT cryptographically safe either, although
  the random number generation period is much much longer (approx. 2^43
  on AS183, (2^19937) - 1 for SFMT) and the state space is far less
  easier to be exploited.

* sfmt-erlang is now runable on non-NIF environment (though it's slow)

* I've been working on a lightweight variant of MT called TinyMT (period:
  (2^127) - 1, internal state: 28 bytes), including compatibility
  functions to the random module, and is capable of generating ~2^58
  different RNG streams.  It's at
  https://github.com/jj1bdx/tinymt-erlang

++> Tuncer Ayaz <> [2012-06-21 12:47:46 +0200]:
> It should probably be replaced with Kenji's sfmt-erlang or an
> implementation of (C)MWC.
> 
> https://groups.google.com/group/comp.soft-sys.math.mathematica/msg/95a94c3b2aa5f077

Kenji Rikitake



More information about the erlang-questions mailing list