Subject: Re: arc4random(9)
To: Jason R Thorpe <thorpej@wasabisystems.com>
From: Perry E. Metzger <perry@wasabisystems.com>
List: tech-kern
Date: 05/28/2002 20:23:31
Jason R Thorpe <thorpej@wasabisystems.com> writes:
> It is certainly not fine for e.g. a CBC IV.

Actually, IVs are an ideal use for such a thing. What you want is a
sequence which will not repeat easily and where the Hamming distance
between the successive values is usually high -- there is no need for
something secret (because it isn't!). Something like this works great
for IVs. It just works horribly for producing KEYS!

> You want to have multiple interfaces:
> 
> 	- traditional random(), which can be used for reproducing results.
> 
> 	- fast-and-pretty-good generator for things which don't need
> 	  cryptographically strong random numbers, just "pretty good"
> 	  ones.
> 
> 	- cryptographically strong generator for cases where you need it.

I agree modulo one thing: RC4 is actually more or less as fast as
random() once initialized, so there is no real point in using random()
-- an RC4 based generator would actually work better and produce much
nicer data for things like Monte Carlo generators.

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
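For readers unfamiliar with the construction under discussion, here is a minimal RC4-based generator of the arc4random() kind, written as an added illustration for this thread and not taken from NetBSD's arc4random(9); the struct and function names are my own, and the check uses the public RC4 test vector for the key "Key".

```c
#include <stdint.h>
#include <stddef.h>

/* RC4 state: the 256-byte permutation plus the two PRGA indices. */
struct rc4_state { uint8_t s[256]; uint8_t i, j; };

static void swap_u8(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* Key-scheduling algorithm: derive the permutation from the seed key.
 * Everything unpredictable about the stream comes from this key; seeding
 * from a public value gives a fast, well-mixed stream but no secrecy. */
void rc4_init(struct rc4_state *st, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++) st->s[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + st->s[i] + key[i % keylen]);
        swap_u8(&st->s[i], &st->s[j]);
    }
    st->i = st->j = 0;
}

/* PRGA: one keystream byte per call. This is the per-byte cost that
 * makes the generator comparable in speed to random() once initialised. */
uint8_t rc4_getbyte(struct rc4_state *st)
{
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->s[st->i]);
    swap_u8(&st->s[st->i], &st->s[st->j]);
    return st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
}

/* Assemble a 32-bit value the way an arc4random()-style API returns one. */
uint32_t rc4_uint32(struct rc4_state *st)
{
    uint32_t v = 0;
    for (int k = 0; k < 4; k++) v = (v << 8) | rc4_getbyte(st);
    return v;
}

/* Known-answer check: key "Key" must yield keystream
 * EB 9F 77 81 B7 34 CA 72 A7 (the published "Key"/"Plaintext" vector). */
int rc4_known_answer_ok(void)
{
    static const uint8_t expect[9] = {0xEB,0x9F,0x77,0x81,0xB7,0x34,0xCA,0x72,0xA7};
    struct rc4_state st;
    rc4_init(&st, (const uint8_t *)"Key", 3);
    for (int k = 0; k < 9; k++)
        if (rc4_getbyte(&st) != expect[k]) return 0;
    return 1;
}
```

The only secret in the construction is the seed key passed to rc4_init(); a state initialised from a low-entropy or public value yields output that is fine as a Monte Carlo source but must not be treated as key material, which is the distinction the message draws.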