Only cryptographers care about "unpredictability." Outside of cryptography, the ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

eliteraspberrie on Nov 12, 2015 | parent | context | favorite | on: Specific Problems with Other RNGs

Only cryptographers care about "unpredictability." Outside of cryptography, the interesting properties of a PRNG are speed, period length, and state size.

But a good CSPRNG has excellent statistical properties. So if you make "unpredictability" a requirement, their slow PRNG becomes very attractive. In other words, they made up a problem for their solution.

If you need a statistical PRNG, use a statistical PRNG. (The best are xorshift1024* and xorshift128+.) If you need a CSPRNG, use a CSPRNG.

tptacek on Nov 12, 2015 [–]

This sentiment is totally untrue and is why the password resets in PHP apps are the subjects of security conference presentations.

It can be surprisingly tricky to predict which random values an application uses will end up being security-critical.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact