Update the book #4
Really great write-up. Couple missing links, but I think this is a great start to a book that we can grow over time.
Thanks. Some of it is just copy+paste though. Those links work for me (try
@dhardy the links do work. Sorry about that.
src/guide-rngs.md
Outdated
output values. | ||
|
||
### Quality stars: | ||
PRNGs with 3 stars or more should be good enough for any purpose. |
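Review bot: "should be good enough for any purpose" on the line under "### Quality stars:" overstates what a statistical-quality rating of a non-cryptographic PRNG can promise; the stars measure statistical quality, not unpredictability, so a 3-star generator is still unsuitable wherever an adversary can observe its output. Suggest "PRNGs with 3 stars or more should be good enough for most non-cryptographic purposes" and a pointer to the CSPRNG section for security-sensitive uses.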
This statement is too strong. All non-CSPRNG are imperfect by definition. Maybe "Should be good enough for most non-crypto applications"?
src/guide-rngs.md
Outdated
cycle length can be given, where the exact length depends on the seed. | ||
|
||
On today's hardware, even a fast RNG with a cycle length of *only* | ||
2<sup>64</sup> can be used for centuries before cycling. Yet we recommend a |
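Review bot: the "can be used for centuries before cycling" claim attached to "a cycle length of *only* 2<sup>64</sup>" states no consumption rate and only holds for a single stream; say which rate is assumed (at roughly 10<sup>9</sup> outputs per second the figure works out to a few centuries), and add that a parallel program seeding many independent instances of such a generator can see streams overlap far sooner, which is the birthday-problem point made elsewhere in this document.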
Parallel applications might achieve cycling in reasonable time.
If you were skipping forward to get a unique stream, yes — but if I were using small fast RNGs in a parallel program I'd prefer to seed a bunch of independent ones, seeded off a strong (crypto?) master PRNG. Isn't this really about skipping/streams?
If you seed them randomly, you will run into overlaps even more quickly. (This is the birthday problem and discussed elsewhere in this document.) So the limited cycle length is still a problem.
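The cycle-length and birthday-overlap points in this thread, worked through as an added example (not code from the rand book, this PR, or any of its participants). It assumes a single-cycle generator of period 2<sup>64</sup>, so that a random seed is a uniformly random position on the cycle, a consumption rate of one output per nanosecond, and 2<sup>40</sup> outputs drawn per stream; all three are assumed figures for the illustration, not values taken from the page.

```rust
// Added example: how long a 2^64-period generator lasts for one stream,
// and how quickly randomly seeded parallel streams start to overlap.

/// Years a single generator runs before exhausting `period` outputs when
/// drawing `outputs_per_sec` values per second.
pub fn years_to_cycle(period: f64, outputs_per_sec: f64) -> f64 {
    const SECONDS_PER_YEAR: f64 = 365.25 * 86_400.0;
    period / outputs_per_sec / SECONDS_PER_YEAR
}

/// Probability that at least two of `streams` randomly seeded generators,
/// each drawing `outputs_per_stream` values, share some output segment.
///
/// Assumption: a single-cycle generator, so a random seed is a uniformly
/// random start position on one cycle of length `period`. Two streams
/// overlap when their start points lie within `outputs_per_stream` of each
/// other on the cycle, probability about 2n/period per pair. Summing over
/// the k(k-1)/2 pairs gives an expected overlap count of k(k-1)n/period,
/// and the Poisson approximation turns that into 1 - exp(-k(k-1)n/period).
pub fn overlap_probability(streams: u64, outputs_per_stream: f64, period: f64) -> f64 {
    let k = streams as f64;
    let expected_overlaps = k * (k - 1.0) * outputs_per_stream / period;
    1.0 - (-expected_overlaps).exp()
}

fn main() {
    let period = 2f64.powi(64);
    // Assumed rate: one output per nanosecond, i.e. 1e9 outputs per second.
    println!(
        "one stream at 1e9 outputs/s: {:.0} years to cycle",
        years_to_cycle(period, 1e9)
    );
    // Assumed workload: each parallel stream draws 2^40 (about 1e12) outputs.
    let per_stream = 2f64.powi(40);
    for &k in &[16u64, 1_000, 10_000] {
        let p = overlap_probability(k, per_stream, period);
        println!("{} streams x 2^40 outputs each: overlap probability {:.4}", k, p);
    }
}
```

The single-stream figure lands near six centuries, while ten thousand randomly seeded streams of 2^40 outputs overlap with near certainty, which is the gap between the two positions in this thread.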
src/guide-rngs.md
Outdated
algorithm. People in the field of cryptography spend a lot of effort | ||
analyzing existing designs, and what was once considered good may now turn | ||
out to be weaker. Generally it is best to use algorithms well-analyzed by | ||
experts, such as those recommended by NIST or ECRYPT. |
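Review bot: "such as those recommended by NIST or ECRYPT" in the last line gives the reader nothing to follow; link the actual recommendation documents, and since the preceding sentence warns that "what was once considered good may now turn out to be weaker", name the concrete primitives this book's own crates build on (for instance the ChaCha stream cipher behind `rand_chacha`) rather than deferring to a standards body alone.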
Maybe add links?
I hesitate to defer to NIST after the Dual_EC_DRBG disaster.
I hesitate to fully trust any single authority, but it's really beyond my expertise to give better advice here. Any suggestions?
src/guide-rngs.md
Outdated
# Further reading | ||
|
||
There is quite a lot that can be said about PRNGs. The [PCG paper] is a | ||
very approachable explaining more concepts. |
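Review bot: "The [PCG paper] is a very approachable explaining more concepts." is missing a noun after "approachable"; suggest "The [PCG paper] is a very approachable introduction to more of these concepts." Also `[PCG paper]` is a reference-style link, so confirm that a matching `[PCG paper]: ...` definition exists in the file, given that missing links have already been noted on this PR.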
This sentence is missing a word?
Or has too many? I think @pitdicker wrote that.
src/guide-rngs.md
Outdated
Non-cryptographic generators pre-date cryptographic ones and since we now have | ||
fast cryptographic generators, some people argue that the cryptographic ones | ||
are now obsolete. They do however still have some advantages: small state size, | ||
fast initialisation and simplicity. |
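Review bot: "some people argue that the cryptographic ones are now obsolete" in the second and third lines inverts the intended claim: the advantages listed in the last sentence ("small state size, fast initialisation and simplicity") belong to non-cryptographic generators, so it should read "the non-cryptographic ones are now obsolete", and the following "They do however still have some advantages" should name its subject explicitly ("Non-cryptographic generators do however ...").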
*non-cryptographic ones are now obsolete.
src/guide-rngs.md
Outdated
@@ -82,8 +71,7 @@ Any block cipher can be turned into a CSPRNG by encrypting a counter. Stream | |||
ciphers are basically a CSPRNG and a combining operation, usually XOR. This | |||
means that we can easily use any stream cipher as a CSPRNG. | |||
|
|||
This crate currently provides two CSPRNGs. The sub-crate `rand_isaac` | |||
provides two CSPRNG-like PRNGs: | |||
We provide the following "CSPRNG-like" RNGs: |
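Review bot: the new line `We provide the following "CSPRNG-like" RNGs:` introduces a term the book never defines, and the rationale given in this discussion (keeping ISAAC without calling it a CSPRNG outright) is invisible to a reader of the text; either list ISAAC as a CSPRNG or add one sentence saying what "CSPRNG-like" means. Separately, "Any block cipher can be turned into a CSPRNG by encrypting a counter" should be qualified to a secure block cipher under a secret key, since that key is what makes the counter-mode output unpredictable.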
CSPRNG-like is a weird word. What does it mean?
The rationale for this weird phrasing was to avoid having to throw ISAAC out, though I suppose we could do that, or just put everything in one big table.
This whole section is far from ideal; mostly it's a copy+paste since I didn't want to do a re-write.
I would just call ISAAC a CSPRNG. CSPRNG-like does not make sense to me without definition.
src/contrib-scope.md
Outdated
- sampling from various random number distributions | ||
|
||
The `rand_chacha`, `rand_hc`, `rand_isaac`, `rand_pcg` and `rand_xorshift` | ||
libraries provide additional PRNGs. |
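Review bot: "libraries provide additional PRNGs" does not tell the reader when to reach for these crates instead of the generators in `rand` itself; add the sentence suggested in review, that they are recommended over `StdRng` and `SmallRng` when reproducibility is needed, so the reader learns that naming a specific algorithm crate is what pins the output stream.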
I would add: "They are recommended over StdRng and SmallRng when reproducibility is needed."
Looks very good! I only had a few minor comments.
Sure, should I do the following?
Minor tweaks
Various changes to fill in the blanks and prepare for 0.6.
There are still a few shortcomings of this doc, but at this point I feel I've written the lion's share of the book, so please consider writing a PR if you have contributions!
@vks would you like to work your xoshiro crate into this somehow? I did actually mention it in the update guide. (Or if you'd rather not mention it at this point or do something else with it, that's fine — rust-random is open to new crates.)