--- a/Random.st Thu Oct 02 16:31:02 2014 +0200
+++ b/Random.st Thu Oct 02 16:50:55 2014 +0200
@@ -264,9 +264,14 @@
"return a number useful for seeding.
This takes the current processor's time, plus the processor's process id,
plus some value depending on the memory allocation state,
- plus a random salt."
+ plus a random salt, and shuffles those bits around.
+ The entropy returned should be reasonable enough for a good seed of a good rnd
+ generator. However, keep in mind, that it only has a limited number of entropy bits
+ (in the order of 32).
+ But it shoud be much better than what is commonly used in older
+ programs (current time) or even a constant."
- |newSeed|
+ |newSeed hash|
RandomSalt isNil ifTrue:[
RandomSalt := 1.
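Review bot: the new doc string does not say what the seed is and is not suitable for. It already admits to "a limited number of entropy bits (in the order of 32)", and shuffling those bits through a hash does not add any, so a reader should be told plainly that this is a seed for a non-cryptographic generator (a 32-bit seed space is small enough to enumerate) and must not be used to derive keys or tokens. Suggest appending a sentence such as "Not suitable for cryptographic purposes; use the OS random source for those." Also fix the typo in the added line "But it shoud be much better" ("should"), and drop the stray comma in "keep in mind, that it only has".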
@@ -279,11 +284,35 @@
[
newSeed := newSeed bitXor:(OperatingSystem getCPUCycleCount).
] on:PrimitiveFailure do:[].
- newSeed = 0 ifTrue:[ newSeed := Time microsecondClockValue ]. "/ how likely is that
- ^ newSeed.
+
+ "/ any other easy sources of entropy?
+
+ "/ how likely is that? - paranoia
+ newSeed = 0 ifTrue:[ newSeed := Time microsecondClockValue ].
+
+ "/ The above gives us a 5-8 byte number, but some high bits are constant.
+ "/ (the constant high bits from the above do not provide any entropy)
+ "/ so the effective entropy is more in the order of 32 bits.
+ "/ if called shortly in a row, the returned values are only affected by
+ "/ the amount of memory allocated in between (and if there are any newspace reclamations),
+ "/ the real time in between and the number of cpu cycles between,
+ "/ plus the salt counter.
+ "/ Hashing should make this less likely to be predicted.
+
+ "/ I think there is no problem in that MD5 is not a secure hash algo here - the idea is to shuffle the bits around a bit
+ "/ (because the numbers above usually have many high bits in common)
+ "/ and then condense the bits into a smaller number.
+ "/ Any comment from a crypto guy here - I am willing to change this to some other hash, if that makes a problem
+
+ hash := MD5Stream hashValueOf:(newSeed asLargeInteger digitBytes).
+ "/ still the same number of entropy bits, bit no longer limited to an unknown number of low bits,
+ "/ bit arbitrarily spread among the hash bytes.
+ "/ Seeding rnd generators should Xor the returned 8 bytes to their max. seed size
+ ^ LargeInteger digitBytes:hash.
"
- self randomSeed bitAnd:16rFFFFFFFF
+ 10 timesRepeat:[Transcript showCR:self randomSeed].
+ self randomSeed bitAnd:16rFFFFFFFF
"
! !
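Review bot: the return value and its comment disagree. `^ LargeInteger digitBytes:hash` returns the full MD5 digest, i.e. 16 bytes, while the comment two lines above says callers "should Xor the returned 8 bytes to their max. seed size"; either truncate the digest (e.g. `hash copyFrom:1 to:8`) or correct the comment to 16 bytes, and state the return size in the method comment so seeding code does not mask the wrong width. On the self-posed question about MD5: using it purely as a bit mixer is fine here, since the weakness of this routine is the ~32 bits of input entropy, not the hash; the new comment should say that hashing only spreads the bits and makes the output structure less obvious, not that it makes the seed harder to brute force. Two typos in the added comments: "bit no longer limited to an unknown number of low bits" and "bit arbitrarily spread" should both read "but".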
@@ -737,10 +766,10 @@
!Random class methodsFor:'documentation'!
version
- ^ '$Header: /cvs/stx/stx/libbasic2/Random.st,v 1.54 2014-10-01 15:32:58 cg Exp $'
+ ^ '$Header: /cvs/stx/stx/libbasic2/Random.st,v 1.55 2014-10-02 14:50:55 cg Exp $'
!
version_CVS
- ^ '$Header: /cvs/stx/stx/libbasic2/Random.st,v 1.54 2014-10-01 15:32:58 cg Exp $'
+ ^ '$Header: /cvs/stx/stx/libbasic2/Random.st,v 1.55 2014-10-02 14:50:55 cg Exp $'
! !