[Development] CSPRNG vs DPRNG

Lars Knoll lars.knoll at qt.io
Fri Oct 13 10:30:57 CEST 2017


> On 12 Oct 2017, at 17:11, Thiago Macieira <thiago.macieira at intel.com> wrote:
> 
> On quinta-feira, 12 de outubro de 2017 01:28:34 PDT Edward Welbourne wrote:
>>> So I created a better option: QPseudoRandomGenerator (name bikeshedding
>>> later)
>> I should note that "pseudo-random" is in fact a variant on "chaotic", so
>> perhaps QChaoticGenerator would be more apt.   Chaos is not random,
>> it just looks a lot like it.
> 
> I have another option, which is to make QRandomGenerator be both:
> 
> - QRandomGenerator::system() is the system, HW-backed CSPRNG.
> - QRandomGenerator::global() is the app-wide securely-seeded DPRNG
> - QRandomGenerator has a constructor to create repeatable DPRNG.
> 
> If Ville and Marc don't look too closely at the change, I can even save the 
> system the 637 * 4 bytes of static data that would never be used.
> 
> I haven't made this change yet, but I think it's a better solution and less of 
> a disruption of the feature freeze.
> 
> I still need a mandatory Mersenne twister and, like QThread, we'll have at 
> least one std symbol in our ABI (std::seed_seq).

This sounds like a decent option to me. I don't quite like system() and global() as names yet, as they don't really make it clear that one of them is deterministic. Other than that this looks like a good way forward.

It's ok to do those changes in 5.10, but let's get this sorted quickly and make sure we don't cause trouble for the release process. This probably means that we'll need to keep the current static methods.

Cheers,
Lars
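
The three roles proposed in the quoted message, sketched with the C++ standard library only. This is an added example, not Qt code and not code from anyone in the thread; the class name SketchRandom, the eight-word seed size and the assumption that std::random_device is backed by the OS entropy source are mine.

```cpp
#include <array>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <mutex>
#include <random>

// SketchRandom is a hypothetical name; this is not Qt's implementation.
class SketchRandom {
public:
    // Repeatable DPRNG: same seed words, same sequence. Never for secrets.
    explicit SketchRandom(std::initializer_list<std::uint32_t> seed) {
        std::seed_seq seq(seed);
        engine_.seed(seq);
    }
    std::uint32_t generate() { return static_cast<std::uint32_t>(engine_()); }

    // system(): every word is drawn from the OS source via std::random_device
    // (assumed non-deterministic on the target platform). Use this for keys.
    static std::uint32_t system() {
        thread_local std::random_device dev;
        return dev();
    }
    // global(): one app-wide Mersenne Twister, seeded once from system().
    // Unpredictable start, but mt19937 output is still not cryptographic.
    static std::uint32_t global() {
        static std::mutex lock;
        static SketchRandom shared = seededFromSystem();
        std::lock_guard<std::mutex> guard(lock);
        return shared.generate();
    }

private:
    SketchRandom() = default;
    static SketchRandom seededFromSystem() {
        std::array<std::uint32_t, 8> words;  // assumed seed size: 256 bits
        for (auto &w : words) w = system();
        std::seed_seq seq(words.begin(), words.end());
        SketchRandom r;
        r.engine_.seed(seq);
        return r;
    }
    std::mt19937 engine_;
};

int main() {
    SketchRandom a{1, 2, 3}, b{1, 2, 3};
    std::printf("repeatable: %d\n", a.generate() == b.generate());
    std::printf("global: %08x\n", static_cast<unsigned>(SketchRandom::global()));
}
```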



