Whether or not ironclad is necessary, or even acceptable, really depends on what your requirements are.  The best pseudo-random number generator in the world might be completely unacceptable in a crypto application if you don't seed it with enough entropy.  Likewise, a quantum-mechanical source of true randomness might be completely unacceptable for a monte-carlo simulation if the bandwidth isn't high enough.

On Oct 27, 2013, at 3:16 PM, Bill St. Clair wrote:

Seems like a mighty big hammer for something that for most of us will be a few READ-BYTEs from /dev/urandom. Windows is harder than that (calls to a couple of foreign functions in the advapi32 library), but still nowhere near as much as all of Ironclad.

Bill


On Sat, Oct 26, 2013 at 2:09 PM, Hans Hübner <hans.huebner@gmail.com> wrote:
I think a dependency on ironclad would be okay.  If anyone has a different opinion, please speak up.

-Hans


2013/10/26 Sabra Crolleton <sabra.crolleton@gmail.com>
Quite awhile ago I proposed strengthening create-random-string with something that required cl-ssl as a dependency and it was correctly pointed out that some implementations do not play well with cl-ssl. Would using the strong-random function from ironclad be acceptable? E.g.

(defun create-random-string (&optional (n 10) (base 16))






  "Creates a random string using ironclad's strong-random function with base BASE and N digits"
    (setf crypto:*prng* (crypto:make-prng :fortuna))






    (subseq (with-output-to-string (s)


       (loop for i to n do

            (format s "~VR" base
                    (ironclad:strong-random 100000000000))))






            0 n)) 


Sabra