On 03/18/13 03:26, Leo Liu wrote:
> From that discussion (almost two years ago) there was clearly interest
> in having a strongly random source. The solution you proposed looks
> excellent. Are there any progress on this matter?
There's been no progress, alas.
Yours is the first sign of interest that I've seen since then.
I may be able to find a student or two
who might volunteer to work on this; we'll see.
There's one extra wrinkle I'd like to add while we're at it:
if available we should use the random-number instructions
in recent implementations of x86 and x86-64 architectures
as this should yield even better performance.
http://en.wikipedia.org/wiki/RdRand
I'm working on an implementation of SASL authentication and for that I
need to generate a reasonably secure nonce.
Performance is not an issue in my application because it only needs to
perform authentication every now and then, and each time only a single
nonce is needed.
I'm now using `(random t)' but that's brittle: I don't see a way to
guarantee that the random data it produces is of sufficient quality.
(There's a chance both /dev/urandom is unavailable (perhaps because
Emacs is running in a chroot or a container) and GnuTLS initialization
throws an error, in which case `random' would silently fall back to a
non-secure source. I suppose it's good enough for my use case but it
does highlight the absence of `secure-random-bytes'.)
I wonder, is there anything speaking against adding a simple
implementation now and worrying about maximal performance later?