Open bradfitz opened 6 years ago
CC @robpike
I see what you meant by your comment now :) It looks like "pseudorandom" is a valid English word: https://www.merriam-webster.com/dictionary/pseudorandom Additionally, words with the prefix "pseudo-" are apparently not hyphenated: http://www.mit.edu/course/21/21.guide/hyphen.htm
Secure vs Strong: If we had to choose, I'd go with secure since even the man page for /dev/[u]random mentions the following under "Usage":
the output is cryptographically secure against attackers without local root access as soon as it is reloaded in the boot sequence
TLDR, we may want to mention that crypto/rand implements a CSPRNG (cryptographically secure pseudorandom number generator).
I prefer pseudo-random and that's what math/rand uses, so that's my vote.
Generally, in English phrases become adjectives by hyphenation, and then after a long period of consistent usage the hyphens drop, but I don't believe pseudo-random is ready to lose its hyphen yet.
"cryptographically secure random number generator"
Too many people go from that "pseudo" to "but I need real randomness!" and then you end up with /dev/random
.
Change https://golang.org/cl/119875 mentions this issue: crypto/rand: make documentation consistent between package comment and Reader
The docs for crypto/rand contain both "pseudorandom" and "pseudo-random" for the same part of speech.
Decide which to use.
Also, the package doc says:
But the Reader says:
Is it cryptographically "strong" or is it "secure"? Can we pick a word there too?
Or can we just remove "pseudorandom" altogether? I feel like it makes it sound too much like math/rand.
Can we just say "cryptographically secure random number generator"?
/cc @FiloSottile @agl @ianlancetaylor