[erlang-questions] All possible internal states of Erlang/OTP random module are practically computable

Eric Pailleau eric.pailleau@REDACTED
Fri Dec 26 13:56:21 CET 2014


Hi,
Yes, good catch.
I did not think that make_ref() itself was a good candidate, but maybe the underlying code allowing 2^82 space could be reused. But it looks like the statistical tests would not pass anyway...

« Sent from my mobile » Eric

Erik Søe Sørensen <eriksoe@REDACTED> wrote:

>There's another problem: seeding.
>
>erik@REDACTED:~$ erl -noshell -eval 'io:format("~p\n", [make_ref()]),
>init:stop().'
>#Ref<0.0.0.27>
>erik@REDACTED:~$ erl -noshell -eval 'io:format("~p\n", [make_ref()]),
>init:stop().'
>#Ref<0.0.0.27>
>
>That is, while the state space may be as big as 2^82, only the first
>tinyish part of it is of interest to an attacker, so the effective state
>space is much smaller.
>
>
>2014-12-25 3:32 GMT+01:00 Jesper Louis Andersen <
>jesper.louis.andersen@REDACTED>:
>
>> A quick guess would be no. I'm pretty sure such a solution would have two
>> problems:
>>
>> * It would not pass the necessary statistical tests well enough.
>> * It would be considerably slower than appropriating a PRNG made for the
>> purpose.
>>
>> On Wed Dec 24 2014 at 11:55:35 AM Eric Pailleau <eric.pailleau@REDACTED>
>> wrote:
>>
>>> ____
>>> make_ref()
>>>
>>> Returns an almost unique reference.
>>>
>>> The returned reference will reoccur after approximately 2^82 calls;
>>> therefore it is unique enough for most practical purposes.
>>> ____
>>>
>>> Hi,
>>> could this function be a base for a better non-cryptographic random
>>> generator?
>>> phash2 on such a make_ref() value does not help, with its 2^32 cycle...
>>> Regards
>>>
>>>
>>>
>>>
>>> « Sent from my mobile » Eric
>>
>>
>>
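The seeding point raised in the thread, as an added example that is not part of any message: a generator's nominal state size gives no protection when its seed comes from a value that restarts at the same point on every boot. It uses the `rand` module (OTP 22 or later, an assumption; the thread concerns the older `random` module), and the module name, function names and the 4096 bound are hypothetical.

```erlang
%% Added example, not code from the thread. Names are hypothetical.
-module(seed_space).
-export([weak_state/1, strong_state/0, sample/2, recover/2, demo/0]).

-define(ALG, exsss).  % rand algorithm with a 116-bit state (OTP 22+)

%% Assumption: the seed is derived only from a small counter that starts
%% at the same value on every VM boot, as the ref in the transcript does.
weak_state(Counter) ->
    rand:seed_s(?ALG, {0, 0, Counter}).

%% Seed taken from the OS CSPRNG instead: 192 bits of seed material an
%% observer cannot predict from knowing how the VM was started.
strong_state() ->
    <<A:64, B:64, C:64>> = crypto:strong_rand_bytes(24),
    rand:seed_s(?ALG, {A, B, C}).

%% First N outputs (each in 1..1000000) produced from State.
sample(State, N) ->
    {Outputs, _Final} =
        lists:mapfoldl(fun(_, S) -> rand:uniform_s(1000000, S) end,
                       State, lists:seq(1, N)),
    Outputs.

%% Counters in 0..Max whose output prefix equals Observed. The search
%% cost is Max + 1 seedings, whatever the generator's state size is.
recover(Observed, Max) ->
    N = length(Observed),
    [C || C <- lists:seq(0, Max),
          sample(weak_state(C), N) =:= Observed].

demo() ->
    %% 27 is a constructed counter value echoing #Ref<0.0.0.27> above.
    Observed = sample(weak_state(27), 4),
    [27] = recover(Observed, 4096),
    %% A CSPRNG-seeded state is not among the enumerated candidates.
    [] = recover(sample(strong_state(), 4), 4096),
    ok.
```

Compile with `c(seed_space).` and call `seed_space:demo().`, which returns `ok`. `rand` remains a non-cryptographic generator even when seeded from `crypto`.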