CSPRNG

[MikuAuahDark]

I think there are cases where trully random number is required. One case is drawing cards for a deck game. Thus, I propose these functions:

• love.system.randomBytes(nbytes) - Generates random bytes/string with length of nbytes.

The hardest part of this proposal is to implement that function, since it's platform-specific. Once that function is implemented, these functions can be implemented trivially.

• love.math.secureRandom and love.math.secureRandomNormal - Accepts same arguments as love.math.random and love.math.randomNormal but the numbers were retrieved from CSPRNG.

[slime73]

One case is drawing cards for a deck game.

Why wouldn't you use a PRNG for that? There might be some very specific niche use cases for true RNGs in games but I've personally never seen them used.

[Trendyne]

Truly random numbers you can't really get without specific hardware, so you'd need to ask for them from a service provider like https://www.random.org/clients/http/ but cryptographically secure PRNGs work well enough that nobody call tell the difference, so there isn't much point

[HDPLocust]

The only time you need true random numbers is in a multiplayer game (like a collectible card game), and true true randomness can be implemented on the server side, not on the client side.

But at the same time, you lose the ability to use seeds to create similar runs in roguelikes. Even in multiplayer games like strategy games with generated maps, you can use the seed and all clients will make duplicated map instead of transfer huge arrays of data.

I mean, trully random numbers have wery limited uses and mostly on server side.

If you really really need CSPRNG (which actually differ little from the Mersenne vortex, except that they are a bit harder to predict) that, use FFI to attach a library or use C-binding for Lua.

[Calandiel]

It'd be nice if Love had some tools for cryptography (CSPRNG, maybe some aes encryption and Diffie Hellman key exchange). It'd be useful for multiplayer games as the only other alternative is binding libraries with FFI. I'm not sure if that'd fit the design of the framework, though. It'd be even more niche than having a way to draw 3d meshes without hand crafting the renderer for them.

[HDPLocust]

FFI is not only alternative, ofc. You can use any Lua binding you want include native ones. Just require it. Ofc it should be builded for your platform and be placed near executable on windows or packed near other libs on android/ios.

[slime73]

I think robust cryptography APIs are outside of love's scope - although you can use another library for that alongside love, as mentioned. IMO the type of RNG proposed in this issue is more in the cryptography domain than the game client domain.