[Ecls-list] ECL start and random numbers

Matthew Mondor mm_lists at pulsar-zone.net
Mon Jul 18 13:21:49 UTC 2011

On Mon, 18 Jul 2011 14:08:14 +0200 (CEST)
"Philipp Marek" <philipp at marek.priv.at> wrote:

> I just saw that ECL read /dev/urandom on startup, obviously to initialize its
> random number generator.
>  * Is that required by the specification? eg. SBCL gives always the same
>    numbers, unless (seed-random-state T) is called (or (make-random-state T)).

I don't seem to find anything special about this in the Hyperspec,
other than RANDOM being described as an approximately uniform
pseudo-random generator...

>  * If the randomization at startup is wanted, how about reading much less
>    (eg. 3 words) and using a pseudo-random-number generator to fill the
>    random state?

I agree that 4 or 8 bytes read from urandom(4) is probably sufficient,
followed by the use of a pseudo-random generator.  I know that the
implementations of rand(3) are generally pretty crappy though, compared
to BSD random(3).  I'm not sure if other unix systems that also
have /dev/urandom also have a decent random(3), but if so, perhaps that
could be used.

I have no idea if the ECL-provided Mersenne-Twister is good enough, but
it's probably better than most rand(3) implementations.  Perhaps that
it could be initialized with minimal expanded state taken from
urandom(4) to itself generate a somewhat better state in a few rounds...

> My reasoning is that most people don't need cryptographically secure [1]
> random numbers; if they need some, they can (and for portability _should_)
> always initialize the state themselves.

I agree, and we can use OpenSSL's libcrypto(3), arc4random(3) (BSD),
Ironclad (CL!) or urandom(4)/random(4) ourselves if we really want them.
All we need is to have a decent distribution with a decent performance.

More information about the ecl-devel mailing list