Updated Random::ISAAC to use ISAAC+ #5115
Can we please just keep at least one well known RNG algorithm?
It's an updated version of the same algorithm.
That's not how it works. Just look at the entirely changed spec file.
The changed spec file is because it generates different numbers than the last algorithm (because of the update). The only thing changed in that spec file was the large array. Only two lines were changed in the actual algorithm itself.
@reindeer-cafe Do you know of any other language that uses ISAAC+?
I'm unaware of any other implementations but I don't think added security would hurt.
The paper's by Jean-Philippe Aumasson which gives it a fair bit of weight.
I just find it strange that the paper is from 2006 but it's not used in any other programming language, that's all.
Aumasson proposed ISAAC+ but it never got any further. Citing Wikipedia, nobody proved that an attacker could detect and exploit that the RNG was in a weak state, either. I would keep ISAAC, not introduce ISAAC+.
It doesn't seem ISAAC+ has gained much momentum since this PR was proposed. We'll be better off staying with the well-known and proven ISAAC implementation. If there is demand for it, ISAAC+ can be made available as a shard (maybe even added to https://github.com/crystal-lang/crystal-random). |
As outlined in this paper, ISAAC has some weak states. I updated it to the ISAAC+ algorithm from the paper.