On Tue, Mar 19, 2013 at 5:49 AM Paul Eggert wrote: > On 03/18/13 03:26, Leo Liu wrote: > > > From that discussion (almost two years ago) there was clearly interest > > in having a strongly random source. The solution you proposed looks > > excellent. Are there any progress on this matter? > > There's been no progress, alas. > Yours is the first sign of interest that I've seen since then. > I may be able to find a student or two > who might volunteer to work on this; we'll see. > > There's one extra wrinkle I'd like to add while we're at it: > if available we should use the random-number instructions > in recent implementations of x86 and x86-64 architectures > as this should yield even better performance. > > http://en.wikipedia.org/wiki/RdRand I'm working on an implementation of SASL authentication and for that I need to generate a reasonably secure nonce. Performance is not an issue in my application because it only needs to perform authentication every now and then, and each time only a single nonce is needed. I'm now using `(random t)' but that's brittle: I don't see a way to guarantee that the random data it produces is of sufficient quality. (There's a chance both /dev/urandom is unavailable (perhaps because Emacs is running in a chroot or a container) and GnuTLS initialization throws an error, in which case `random' would silently fall back to a non-secure source. I suppose it's good enough for my use case but it does highlight the absence of `secure-random-bytes'.) I wonder, is there anything speaking against adding a simple implementation now and worrying about maximal performance later?