[erlang-questions] Multi-precision math, random number generator entropy, various other questions

Per Hedeland per@REDACTED
Sun May 31 23:04:29 CEST 2009


"Greg Perry" <Greg.Perry@REDACTED> wrote:
>
>>The standard implementation of Erlang is a user level process running
>on top of an OS that these days almost always has a quality
>implementation of entropy gathering - any attempt to re-implement that
>in the Erlang runtime is guaranteed to result in something with inferior
>quality.
>
>Unfortunately that depends on the host OS' RNG, Linux and most BSD
>variants have quality entropy gathering and RNG functions; Windows
>variants not so much.

If it has *any* entropy gathering, it is likely to be better than what
you can do in a user-level process. As you probably know, the kernel
level entropy gathering is typically based on the "almost really random"
arrival of hardware interrupts from various sources (or potentially on
"really random" hardware RNGs if available) - these sources are simply
not available to a user-level process, at most it could look at the
input it receives itself, if any.

But anyway, I think the best answer was already given - use
crypto:rand_bytes/1 if you really need "crypto quality" random numbers.
The OpenSSL crypto library will use /dev/urandom and the like (depending
on availability) to seed a high-quality PRNG - i.e. you get something
that is a) portable and b) probably the best quality you *can* get on a
given OS/HW.

(And seeding a PRNG is *the* way to use /dev/urandom - if you read lots
of random numbers directly from it, it may degenerate into a single PRNG
for all users - and it won't tell you that it does.)

--Per


More information about the erlang-questions mailing list