<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Whether or not ironclad is necessary, or even acceptable, really depends on what your requirements are. The best pseudo-random number generator in the world might be completely unacceptable in a crypto application if you don't seed it with enough entropy. Likewise, a quantum-mechanical source of true randomness might be completely unacceptable for a monte-carlo simulation if the bandwidth isn't high enough.<div><div><br><div><div>On Oct 27, 2013, at 3:16 PM, Bill St. Clair wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Seems like a mighty big hammer for something that for most of us will be a few READ-BYTEs from /dev/urandom. Windows is harder than that (calls to a couple of foreign functions in the advapi32 library), but still nowhere near as much as all of Ironclad.<div>
<br></div><div>Bill</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Oct 26, 2013 at 2:09 PM, Hans Hübner <span dir="ltr"><<a href="mailto:hans.huebner@gmail.com" target="_blank">hans.huebner@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I think a dependency on ironclad would be okay. If anyone has a different opinion, please speak up.<span class="HOEnZb"><font color="#888888"><div>
<br></div><div>-Hans</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">2013/10/26 Sabra Crolleton <span dir="ltr"><<a href="mailto:sabra.crolleton@gmail.com" target="_blank">sabra.crolleton@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Quite awhile ago I proposed strengthening create-random-string with something that required cl-ssl as a dependency and it was correctly pointed out that some implementations do not play well with cl-ssl. Would using the strong-random function from ironclad be acceptable? E.g.<div>
<br></div><pre><div><span style="font-family:arial">(</span><span style="font-family:arial">defun</span><span style="font-family:arial"> </span><span style="font-family:arial">create-random-string</span><span style="font-family:arial"> </span><span style="font-family:arial">(</span><span style="font-family:arial">&optional</span><span style="font-family:arial"> </span><span style="font-family:arial">(</span><span style="font-family:arial">n</span><span style="font-family:arial"> </span><span style="font-family:arial">10</span><span style="font-family:arial">)</span><span style="font-family:arial"> </span><span style="font-family:arial">(</span><span style="font-family:arial">base</span><span style="font-family:arial"> </span><span style="font-family:arial">16</span><span style="font-family:arial">))</span><br>
</div><div> <span>"Creates a random string using ironclad's strong-random function with base BASE and N digits"</span></div><div><span><span> (</span><span>setf</span> <span>crypto:*prng*</span> <span>(</span><span>crypto:make-prng</span> <span>:fortuna</span><span>))</span><br>
</span></div><div> <span>(</span><span>subseq</span> <span>(</span><span>with-output-to-string</span> <span>(</span><span>s</span><span>)</span></div>
<div> <span>(</span><span>loop</span> <span>for</span> <span>i</span> <span>to</span> <span>n</span> <span>do</span></div><div>
<span>(</span><span>format</span> <span>s</span> <span>"~VR"</span> <span>base</span></div><div> <span>(</span><span>ironclad:strong-random</span> <span>100000000000</span><span>))))</span></div>
<div> <span>0</span> <span>n</span><span style="font-family:arial">)) </span></div><span><font color="#888888"><div><span style="font-family:arial"><br></span></div><div>
<span style="font-family:arial">Sabra</span></div></font></span></pre></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</blockquote></div><br></div></div></body></html>