Closed vigna closed 4 years ago
Full quote, which certainly does not state that "standard PRNGs are of no use":
The goal of regular, non-cryptographic PRNGs is usually to find a good balance between simplicity, quality, memory usage and performance. Non-cryptographic generators pre-date cryptographic ones and since we now have fast cryptographic generators, some people argue that the non-cryptographic ones are now obsolete. They can however have some advantages: small state size, fast initialisation and simplicity (though this is not true of all non-crypto PRNGs; e.g. the Mersenne Twister has a large state despite being easy to predict).
The bit about embedded CPUs without hardware AES is a decent point, but note that Google now provides support for full-disk encryption via ChaCha12 (see this article), so even without hardware support fast crypto generators are available.
Are you really claiming that "are now obsolete" is completely different from "are of no use"?
I think I'm withdrawing all my comments. Go ahead. 😂
No?
I think it's valid to make a statement like "some people argue that ... are now obsolete, however ..."?
In the book, there's the statement "since we now have fast cryptographic generators, some people argue that the non-cryptographic ones are now obsolete".
I think this should at least be circumstantiated carefully. Like, restricting the statement to programming languages in the large on significantly powerful hardware.
If you're programming a small embedded system with multiple threads, you certainly cannot spend hundreds of bits for a CSPRNG, and not even the electricity for generating data: we tend to overlook these problems, but not every computation needing randomness happens in a large box with an unlimited supply of electrical power. The same holds for embedded microprocessors. And if you're running in a language like Go in which you can have hundreds of thousands of lightweight threads, you don't wanna pollute your cache with millions of bits from PRNGs.
I agree that in a large number of situations today you can go for crypto—as I state in my page on PRNGs, with dedicated hardware and a bit of vectorization you can stream AES in about 1.2ns/64bit, which is more than fast enough for every application. But, with dedicated hardware and unlimited power.
If you consider randen, Google's crypto super-fast generator, with full hardware support it is still 10 times slower, say, than a vectorized xoshiro256++. I think the gap is too large to claim that standard PRNGs are of no use.
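The state-size and throughput argument in the comment above can be measured directly. The following is an added example, not code from the thread, from vigna, or from the book under discussion: xoshiro256++ (256 bits of state) next to a ChaCha-style block generator (512 bits of block state plus the key that fills it), with a scalar single-core timing loop. xoshiro256++ and splitmix64 follow the public-domain reference algorithms; the ChaCha core follows the standard construction with the round count as a parameter, checked against the well-known ChaCha20 all-zero test vector and then run with 12 rounds for timing. The seed, key and nonce values are constructed placeholders, and because the loop is unvectorised and uses no AES-NI it will not reproduce the 1.2ns/64bit or the "10 times" figures quoted above; it only shows the shape of the gap on the machine it runs on.

```c
/* Added example, not code from the thread or its participants: xoshiro256++
 * beside a ChaCha-style generator, so the state-size and throughput argument
 * above can be measured. xoshiro256++/splitmix64 follow the public-domain
 * reference algorithms; ChaCha is the standard construction with the round
 * count as a parameter (20 for the known-answer check, 12 for timing). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

static inline uint64_t rotl64(uint64_t x, int k) { return (x << k) | (x >> (64 - k)); }
static inline uint32_t rotl32(uint32_t x, int k) { return (x << k) | (x >> (32 - k)); }

/* ---- xoshiro256++: 256 bits of state, a few ALU ops per 64-bit output ---- */
typedef struct { uint64_t s[4]; } xoshiro256pp;
static uint64_t splitmix64(uint64_t *x) {          /* expands a 64-bit seed only */
    uint64_t z = (*x += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}
static void xoshiro256pp_seed(xoshiro256pp *g, uint64_t seed) {
    for (int i = 0; i < 4; i++) g->s[i] = splitmix64(&seed);
}
static uint64_t xoshiro256pp_next(xoshiro256pp *g) {
    uint64_t *s = g->s;
    const uint64_t result = rotl64(s[0] + s[3], 23) + s[0];
    const uint64_t t = s[1] << 17;
    s[2] ^= s[0]; s[3] ^= s[1]; s[1] ^= s[2]; s[0] ^= s[3];
    s[2] ^= t;
    s[3] = rotl64(s[3], 45);
    return result;
}
/* Two generators seeded alike must agree; returns 1 if they do over 256 draws. */
static int xoshiro256pp_reproducible(uint64_t seed) {
    xoshiro256pp a, b;
    xoshiro256pp_seed(&a, seed); xoshiro256pp_seed(&b, seed);
    for (int i = 0; i < 256; i++) if (xoshiro256pp_next(&a) != xoshiro256pp_next(&b)) return 0;
    return 1;
}

/* ---- ChaCha: 16 x 32-bit words (512 bits) of block state per instance ---- */
typedef struct { uint32_t in[16]; int rounds; } chacha;
static uint32_t load32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void store32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void chacha_init(chacha *c, const uint8_t key[32], const uint8_t nonce[12], uint32_t counter, int rounds) {
    c->in[0] = 0x61707865; c->in[1] = 0x3320646e;   /* "expand 32-byte k" */
    c->in[2] = 0x79622d32; c->in[3] = 0x6b206574;
    for (int i = 0; i < 8; i++) c->in[4 + i] = load32(key + 4 * i);
    c->in[12] = counter;                              /* 32-bit block counter */
    for (int i = 0; i < 3; i++) c->in[13 + i] = load32(nonce + 4 * i);
    c->rounds = rounds;
}
#define QR(x, a, b, c, d) do {                                \
    x[a] += x[b]; x[d] ^= x[a]; x[d] = rotl32(x[d], 16);      \
    x[c] += x[d]; x[b] ^= x[c]; x[b] = rotl32(x[b], 12);      \
    x[a] += x[b]; x[d] ^= x[a]; x[d] = rotl32(x[d], 8);       \
    x[c] += x[d]; x[b] ^= x[c]; x[b] = rotl32(x[b], 7);       \
} while (0)
/* One 64-byte block (eight 64-bit outputs), then advance the counter. */
static void chacha_block(chacha *c, uint8_t out[64]) {
    uint32_t x[16];
    memcpy(x, c->in, sizeof x);
    for (int r = 0; r < c->rounds; r += 2) {
        QR(x, 0, 4,  8, 12); QR(x, 1, 5,  9, 13); QR(x, 2, 6, 10, 14); QR(x, 3, 7, 11, 15);
        QR(x, 0, 5, 10, 15); QR(x, 1, 6, 11, 12); QR(x, 2, 7,  8, 13); QR(x, 3, 4,  9, 14);
    }
    for (int i = 0; i < 16; i++) store32(out + 4 * i, x[i] + c->in[i]);
    c->in[12]++;
}
/* Known-answer check: ChaCha20 with all-zero key, nonce and counter starts
 * 76 b8 e0 ad a0 f1 3d 90 (RFC 7539 A.1 vector #1). Returns 1 on match. */
static int chacha20_zero_vector_ok(void) {
    static const uint8_t key[32] = {0}, nonce[12] = {0};
    static const uint8_t expect[8] = {0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90};
    chacha c; uint8_t out[64];
    chacha_init(&c, key, nonce, 0, 20);
    chacha_block(&c, out);
    return memcmp(out, expect, sizeof expect) == 0;
}
/* The state sizes the thread argues about, as functions so they can be checked. */
static size_t xoshiro256pp_state_bytes(void) { return sizeof(((xoshiro256pp *)0)->s); }
static size_t chacha_state_bytes(void)       { return sizeof(((chacha *)0)->in); }

/* Scalar single-core timing (no vectorisation, no AES-NI): only a rough feel. */
int main(void) {
    const size_t n = (size_t)1 << 22;
    xoshiro256pp g; xoshiro256pp_seed(&g, 12345);   /* constructed seed */
    uint64_t sink = 0;
    clock_t t0 = clock();
    for (size_t i = 0; i < n; i++) sink ^= xoshiro256pp_next(&g);
    double xo = (double)(clock() - t0) * 1e9 / CLOCKS_PER_SEC / (double)n;
    static const uint8_t key[32] = {1}, nonce[12] = {2};   /* constructed inputs */
    chacha c; chacha_init(&c, key, nonce, 0, 12); uint8_t blk[64];
    t0 = clock();
    for (size_t i = 0; i < n / 8; i++) { chacha_block(&c, blk); sink ^= blk[i & 63]; }
    double cc = (double)(clock() - t0) * 1e9 / CLOCKS_PER_SEC / (double)n;
    printf("state bytes: xoshiro256++ %zu, ChaCha %zu\n", xoshiro256pp_state_bytes(), chacha_state_bytes());
    printf("ns/64-bit output: xoshiro256++ %.2f, ChaCha12 %.2f (sink %llx)\n", xo, cc, (unsigned long long)sink);
    return chacha20_zero_vector_ok() ? 0 : 1;
}
```

Build with `cc -O2 -o prng_compare prng_compare.c` and run; the `sink` value is printed only so the compiler cannot discard the loops. The numbers depend entirely on the machine and compiler, so the point is the ratio and the 32-byte versus 64-byte state, not the absolute figures.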