[Cryptography] A better random number generator...

Jerry Leichter leichter at lrw.com
Mon Feb 23 06:51:08 EST 2015


On Feb 22, 2015, at 6:41 PM, dj at deadhat.com wrote:
> Be careful. LCGs and PCGs and algorithms like xorshift are not
> cryptographically secure. The goal is to have good statistical properties
> at a minimum algorithmic cost. You can see in the talk that speed is one
> property they aim for....
You can also read what the author actually says on this exact subject (http://www.pcg-random.org/predictability.html):

"I know that if I were trying to predict a random number generator, I'd want something easier than the PCG family. But if I wanted actual cryptographic security for secure communication, I'd probably want to use something that has been around longer and seen more scrutiny.

Hopefully as time passes, the PCG generation scheme will receive scrutiny from people with far more expertise in cryptographic security than me, and we will have a clearer picture about how easily it can be predicted. With that in mind, I hope to offer some cryptographic security challenges in the future to encourage people to try to break it."

This is preceded by a discussion of how various other generators are broken, and some argument about why the known techniques may not extend to PCG's.

                                                        -- Jerry


