Whether or not ironclad is necessary, or even acceptable, really depends on what your requirements are. The best pseudo-random number generator in the world might be completely unacceptable in a crypto application if you don't seed it with enough entropy. Likewise, a quantum-mechanical source of true randomness might be completely unacceptable for a monte-carlo simulation if the bandwidth isn't high enough.
On Oct 27, 2013, at 3:16 PM, Bill St. Clair wrote:
Seems like a mighty big hammer for something that for most of us will be a few READ-BYTEs from /dev/urandom. Windows is harder than that (calls to a couple of foreign functions in the advapi32 library), but still nowhere near as much as all of Ironclad.
Bill
On Sat, Oct 26, 2013 at 2:09 PM, Hans Hübner hans.huebner@gmail.com wrote: I think a dependency on ironclad would be okay. If anyone has a different opinion, please speak up.
-Hans
2013/10/26 Sabra Crolleton sabra.crolleton@gmail.com Quite awhile ago I proposed strengthening create-random-string with something that required cl-ssl as a dependency and it was correctly pointed out that some implementations do not play well with cl-ssl. Would using the strong-random function from ironclad be acceptable? E.g.
(defun create-random-string (&optional (n 10) (base 16))
"Creates a random string using ironclad's strong-random function with base BASE and N digits" (setf crypto:*prng* (crypto:make-prng :fortuna))
(subseq (with-output-to-string (s) (loop for i to n do (format s "~VR" base (ironclad:strong-random 100000000000)))) 0 n))
Sabra