CSPRNG


sga

Aug 31, 2012, 10:34:00 PM
to golan...@googlegroups.com
Hello,

I've been looking around and I haven't been able to find a cryptographically secure pseudorandom number generator (CSPRNG) for Go. I did see a thread about crypto/Fortuna, but it seems that it has been discontinued for over 2 years. I would use crypto/rand, but it's unclear how I can seed it in a way that is shareable (i.e., if I were to share the seed with someone else, they should be able to use it to generate the same sequence of random numbers). I guess my question really is: is there anyone out there who's implemented a CSPRNG? If not, I guess I'll just update the old Fortuna code and see if I can get it to work.

Thanks!

Jan Mercl

Sep 1, 2012, 2:18:26 AM
to sga, golan...@googlegroups.com
I *think* the FCPRNGs from http://go.pkgdoc.org/github.com/cznic/mathutil, based on some prime number properties, are, when using an N-bit window of every M bits generated, N < M, cryptographically secure with respect to state compromise for some values of N and M. As for the pseudo-randomness per se, here are some results for an 8/32-bit window and the default seed:
https://github.com/cznic/mathutil/blob/master/nist-sts-2-1-1-report.

-j

Dmitry Chestnykh

Sep 1, 2012, 5:15:28 AM
to golan...@googlegroups.com
On Saturday, September 1, 2012 4:34:00 AM UTC+2, sga wrote:
Hello,

I've been looking around and I haven't been able to find a cryptographically secure pseudorandom number generator (CSPRNG) for Go. I did see a thread about crypto/Fortuna, but it seems that it has been discontinued for over 2 years. I would use crypto/rand, but it's unclear how I can seed it in a way that is shareable (i.e., if I were to share the seed with someone else, they should be able to use it to generate the same sequence of random numbers). I guess my question really is: is there anyone out there who's implemented a CSPRNG? If not, I guess I'll just update the old Fortuna code and see if I can get it to work.

If you need a CSPRNG with a shareable seed, why not use AES in CTR mode?
That would basically be Fortuna's generator, provided that your seed is random, and excluding the key change, which might not make sense to do depending on how you share the seed.

-Dmitry
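Below is an added example of the construction Dmitry describes: AES-256 in CTR mode, keyed from a shared seed, used as a deterministic stream generator without Fortuna's per-request rekeying. It is not code from this thread or from any of the packages mentioned in it. The names (SeededGen, NewSeededGen, Reproducible) and the choice to derive the key as SHA-256 of the seed with an all-zero starting counter are this example's own assumptions; a fixed counter start is only safe because each derived key is used for exactly one stream, and reseeding with the same seed to produce two supposedly independent streams would repeat the keystream.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"io"
)

// SeededGen is a deterministic generator in the style of Fortuna's
// generator block: AES in CTR mode keyed from the shared seed. It omits
// Fortuna's rekey-after-each-request step, as the post above suggests.
// Anyone who holds the seed can reproduce the entire stream; that is the
// point of a shareable seed and also the threat model to keep in mind.
type SeededGen struct {
	stream cipher.Stream
	zeros  []byte // scratch input: CTR over zero bytes yields the raw keystream
}

// NewSeededGen derives a 256-bit AES key from the seed with SHA-256
// (assumed derivation for this example; Fortuna also hashes seed material
// into its key) and starts the 128-bit counter at zero. The key is never
// reused at another counter position, so the fixed IV is safe here.
func NewSeededGen(seed []byte) (*SeededGen, error) {
	if len(seed) < 16 {
		return nil, fmt.Errorf("seed too short: %d bytes, want at least 16", len(seed))
	}
	key := sha256.Sum256(seed)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	iv := make([]byte, block.BlockSize()) // all-zero initial counter block
	return &SeededGen{
		stream: cipher.NewCTR(block, iv),
		zeros:  make([]byte, 4096),
	}, nil
}

// Read implements io.Reader, so the generator can be handed to any code
// that accepts a crypto/rand.Reader-style source. It never fails.
func (g *SeededGen) Read(p []byte) (int, error) {
	for filled := 0; filled < len(p); {
		n := len(p) - filled
		if n > len(g.zeros) {
			n = len(g.zeros)
		}
		// XOR of the zero buffer with the keystream is the keystream itself.
		g.stream.XORKeyStream(p[filled:filled+n], g.zeros[:n])
		filled += n
	}
	return len(p), nil
}

// Uint64 returns the next 8 keystream bytes as a big-endian integer.
func (g *SeededGen) Uint64() uint64 {
	var b [8]byte
	g.Read(b[:])
	return binary.BigEndian.Uint64(b[:])
}

// Reproducible reports whether two parties seeded with seedA and seedB
// draw identical n-byte outputs. With equal seeds it must be true; with
// seeds that differ in any bit it must be false.
func Reproducible(seedA, seedB []byte, n int) (bool, error) {
	a, err := NewSeededGen(seedA)
	if err != nil {
		return false, err
	}
	b, err := NewSeededGen(seedB)
	if err != nil {
		return false, err
	}
	outA := make([]byte, n)
	outB := make([]byte, n)
	if _, err := io.ReadFull(a, outA); err != nil {
		return false, err
	}
	if _, err := io.ReadFull(b, outB); err != nil {
		return false, err
	}
	return bytes.Equal(outA, outB), nil
}

func main() {
	// The seed itself must come from a real entropy source such as
	// crypto/rand; only its distribution to the other party is the
	// application's business.
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil {
		panic(err)
	}
	same, _ := Reproducible(seed, seed, 64)
	other := append([]byte(nil), seed...)
	other[0] ^= 1
	diff, _ := Reproducible(seed, other, 64)
	fmt.Printf("same seed reproduces: %v, flipped-bit seed reproduces: %v\n", same, diff)
}
```

The two things Fortuna adds on top of this, and that the example deliberately leaves out, are the periodic rekeying (hash the old key into a new one after each request so that a later state compromise does not expose earlier output) and the entropy pools that feed reseeds. Both break the "same seed, same sequence" property the original question asked for, which is exactly the trade-off Dmitry points at.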

Jochen Voss

Apr 6, 2014, 4:29:07 PM
to golan...@googlegroups.com
Hi sga,


On Saturday, 1 September 2012 03:34:00 UTC+1, sga wrote:
I've been looking around and I haven't been able to find a cryptographically secure pseudorandom number generator (CSPRNG) for Go. I did see a thread about crypto/Fortuna, but it seems that it has been discontinued for over 2 years. I would use crypto/rand, but it's unclear how I can seed it in a way that is shareable (i.e., if I were to share the seed with someone else, they should be able to use it to generate the same sequence of random numbers). I guess my question really is: is there anyone out there who's implemented a CSPRNG? If not, I guess I'll just update the old Fortuna code and see if I can get it to work.

Just came across this by chance (and I know you asked the question a long time ago). There is now an implementation of Fortuna for Go available at https://github.com/seehuhn/fortuna.

I hope this helps,
Jochen

Oleku Konko

Apr 6, 2014, 7:07:53 PM
to golan...@googlegroups.com

A good implementation of Fortuna was proposed but stylishly rejected by the Go team.

See:



I really hope that decision can be reviewed.

sga

Apr 6, 2014, 8:06:46 PM
to golan...@googlegroups.com
Thanks for your reply! Obviously I got around this issue a while ago, and ended up implementing ChaCha instead (see http://cr.yp.to/chacha/chacha-20080128.pdf).