[Cryptography] Construction of cryptographic software.

ianG iang at iang.org
Wed Dec 3 11:36:45 EST 2014

On 2/12/2014 23:17 pm, Tony Arcieri wrote:
> On Tue, Dec 2, 2014 at 1:44 PM, Ray Dillinger <bear at sonic.net
> <mailto:bear at sonic.net>> wrote:
>     Would anybody else here like to share some of the techniques they use?
> https://cryptocoding.net/index.php/Coding_rules

I've written up my philosophy of RNGs here:


1. Use what your platform provides. Random numbers are hard, which is 
the first thing you have to remember, and always come back to. Random 
numbers are so hard, that you have to care a lot before you get 
involved. A hell of a lot. Which leads us to the following rules of 
thumb for RNG production.

     a. Use what your platform provides.
     b. Unless you really really care a lot, in which case, you have to 
write your own RNG.
     c. There isn't a lot of middle ground.
     d. So much so that for almost all purposes, and almost all users, 
Rule #1 is this: Use what your platform provides. E.g., for *nix, use 
urandom [Ptacek].
     e. When deciding to breach Rule #1, you need a compelling argument 
that your RNG delivers better results than the platform's [Gutmann1]. 
Without that compelling argument, your results are likely to be more 
random than the platform's system in every sense except the quality of 
the numbers.

If you find yourself disagreeing with Rule #1, read on...


More information about the cryptography mailing list