<div class="gmail_quote">On Wed, Aug 17, 2011 at 11:10 AM, Ryan Newton <span dir="ltr"><<a href="mailto:rrnewton@gmail.com">rrnewton@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
The problem with Mersenne twister is that it doesn't split well. The main reason for crypto prng in this package would not be to advertise to people that "System.Random can be used for security-related apps" <b>but to make splitting reasonably safe</b>.</blockquote>
<div><br></div><div>The more fundamental problem is that splitting is neither well understood nor generally safe, and as such it should not be in the basic Random class. A more sensible API would have a Random class that lacks a split operation, and a SplittableRandom class that permits it, as you mention later in your message. Most current PRNGs could then be instances of Random, but not SplittableRandom.</div>
<div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">And I think we need splitting, especially as more Haskell programs become parallel.</blockquote><div><br>
</div><div>I do not agree here, I'm afraid.</div><div><br></div><div>By the way, my mwc-random package is at least as fast as mersenne-twister, has smaller state, and is pure Haskell.</div></div>