On Thu, 4 Jul 2002, Remy X.O. Martin wrote:
> Hi again,
>
> This is just out of pure curiosity: I came across the documentation of
> the various random generators in R and saw that the entropy-based kernel
> random generator available on Linux, Solaris and some other OSes is not
> by default available. (This generators random values based on the
> entropy associated with all IO that is handled by the kernel -- this
> includes TCP/IP packets.) There are solutions for systems that do not
> have this functionality by default (see the OpenSSH documentation). Is
> there a specific reason why this generator isn't used, and if so,
which?
Several reasons
One, as you observe, it isn't portable -- it has to be handled in
different ways on different systems.
Two, and more important, statisticians *like* predictable random-number
generators so that the random numbers can be repeated. R's random number
generators are useless for crytographic purposes, but they work quite
nicely for simulation.
Three, there's often not enough entropy to go around. Many users of R
generate far more random numbers than can reliably be produced by
environmental noise, particularly in a system that isn't on-line and so
doesn't have TCP/IP noise.
So, R and openSSH use random numbers for quite different purposes, and
that's why they are produced in different ways. Don't use R to write
encryption software.
Actually, R provides hooks for user-supplied RNGs, so it would be possible
for someone to write one based on environmental noise or based on securely
encrypting a counter or similar ideas.
-thomas
Thomas Lumley Asst. Professor, Biostatistics
tlumley at u.washington.edu University of Washington, Seattle
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-help mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !) To: r-help-request at
stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._