I'm assuming he means sufficiently random for cryptographic purposes.
Some pseudo-random number generators don't meet that requirement.
The Ruby 1.9 source code for random says:

    This is based on trimmed version of MT19937. To get the original
    version, contact <http://www.math.keio.ac.jp/~matumoto/emt.html>.

The docs for Kernel#rand say

    Ruby currently uses a modified Mersenne Twister with a period of
    2**19937-1.

I'm not a crypto geek but I'm guessing that a Mersenne Twister algorithm
doesn't have sufficient entropy for crypto purposes.

As a proof of concept I whipped up this for MacOSX. It gets random data
from /dev/urandom, which based on the man page is a better source of
random data (Yarrow pseudo random number generator with entropy injected
by the MacOSX SecurityServer). I'm not claiming this is good for crypto
work either, just that it looks better than the Mersenne Twister. I think
this would work on Linux also since it has /dev/urandom. I got nothing
for Windows.

module Kernel
  # Return bytes from /dev/urandom.
  # With no arguments, urandom grabs four bytes and returns them as an
  # unsigned integer. With an integer argument, urandom returns a string
  # of that size filled with bytes from /dev/urandom.
  def urandom(size=nil)
    # Open in binary mode so the bytes are read without any transcoding.
    result = File.open('/dev/urandom', 'rb') { |x| x.read(size || 4) }
    # "L" unpacks the four bytes as a native-endian unsigned 32-bit integer.
    size && result || result.unpack("L").first
  end
end

Gary Wright
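
An added example, not part of the post above: the same calling convention as the posted `urandom`, backed by Ruby's standard-library `SecureRandom` so it also runs where `/dev/urandom` does not exist, shown next to a seeded Mersenne Twister to make the difference visible. The names `secure_urandom`, `mt_bytes` and `demo` and the sample seed are assumptions made for this illustration.

```ruby
require 'securerandom'

# Hypothetical helper (not from the post): same interface as the posted
# Kernel#urandom, but the bytes come from SecureRandom, which draws on the
# operating system's CSPRNG on Linux, macOS and Windows.
def secure_urandom(size = nil)
  unless size.nil? || (size.is_a?(Integer) && size >= 0)
    raise ArgumentError, 'size must be nil or a non-negative Integer'
  end
  bytes = SecureRandom.random_bytes(size || 4)
  # No argument: four bytes as a native-endian unsigned 32-bit integer.
  size ? bytes : bytes.unpack('L').first
end

# Mersenne Twister output is a pure function of its seed. Anyone who learns
# or guesses the seed can regenerate every byte, which is why it must not be
# used for keys, tokens or nonces.
def mt_bytes(seed, size)
  Random.new(seed).bytes(size)
end

def demo
  seed = 20_090_101 # constructed sample seed
  {
    mt_repeatable: mt_bytes(seed, 16) == mt_bytes(seed, 16), # always true
    secure_differs: secure_urandom(16) != secure_urandom(16),
    secure_int: secure_urandom
  }
end

# Print the comparison when the file is run directly.
if __FILE__ == $PROGRAM_NAME
  demo.each { |name, value| puts "#{name}: #{value.inspect}" }
end
```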