(littlemaninmyhead.wordpress.com)

108 points rurban | 1 comments | 31 Aug 25 18:49 UTC | HN request time: 0.205s | source

Show context

Aardwolf ◴[04 Sep 25 14:09 UTC] No.45127470[source]▶

Xorshift128+ is not a cryptographic rng though, so at least this isn't a cryptographic attack...

Should programming languages use cryptographic rngs like a ChaCha20 based one in their standard libraries to stop accidental use of non cryptographic rngs for cryptographic purposes? But that comes at the cost of speed

replies(6): >>45127744 #>>45127837 #>>45127961 #>>45127992 #>>45131766 #>>45131852 #

hannob ◴[04 Sep 25 20:25 UTC] No.45131852[source]▶

>>45127470 #

> But that comes at the cost of speed

That is mostly a myth.

I mean... technically, yes. But the cost is so marginal that you will have a hard time even measuring it unless you generate gigabytes of data.

For pretty much all common use cases like generation of ids, tokens, etc., you can use a secure random number generator and it will not impact your performance in any meaningful way.

replies(1): >>45136240 #

1. tialaramex ◴[05 Sep 25 08:20 UTC] No.45136240[source]▶

>>45131852 #

It's also the exact same silly argument as for the memory unsafety.

Incorrect isn't faster, it's just wrong, I can have wrong instantly and you're not faster than that, or smaller, or cheaper, or easier to understand. So you're just much worse.

↑

Inverting the Xorshift128 random number generator