Opened 13 years ago
Closed 7 years ago
#767 closed enhancement (fixed)
random seed should be more random
Reported by: | Jim Ursetto | Owned by: | |
---|---|---|---|
Priority: | not urgent at all | Milestone: | |
Component: | core libraries | Version: | 4.7.x |
Keywords: | | Cc: | |
Estimated difficulty: | hard | | |
Description
The default RNG is seeded with time(NULL) which only changes every 1 second. See CHICKEN_initialize in runtime.c. Actually it only changes every 2 seconds, as C_randomize expects a C_word and the bottom bit is therefore destroyed. Actually, on most platforms it may take up to a minute to change values, as rand() is crap. Example:
while :; do date; csi -p '(random 60000)'; done
Instead it should be seeded with pid XOR seconds XOR milliseconds. This is totally portable and doesn't involve replacing rand() with random() or anything else disruptive, just seeding with more random bits.
I will put together a patch to do this; it is a trivial fix.
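The seeding problem described in this ticket, as an added C example (not code from CHICKEN's runtime.c): it compares a seed taken from seconds alone, with the low bit lost, against the proposed pid XOR seconds XOR milliseconds over a constructed series of launches. The one-bit shift standing in for the C_word conversion, the function names, and the start time and pids are assumptions.

```c
/* Added example; names and sample values are assumptions, not CHICKEN code. */
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <unistd.h>
#include <sys/time.h>

/* Seed as the ticket describes it: time(NULL) passed where a fixnum is
 * expected, so the low bit is lost. Modelled as a shift (assumption). */
uint32_t seed_time_only(time_t sec) {
    return (uint32_t)((uint64_t)sec >> 1);
}

/* Seed proposed in the ticket: pid XOR seconds XOR milliseconds. */
uint32_t seed_mixed(uint32_t pid, time_t sec, uint32_t msec) {
    return pid ^ (uint32_t)sec ^ msec;
}

/* Count distinct seeds among n simulated launches spaced step_ms apart,
 * each with a pid one higher than the last (constructed workload). */
unsigned distinct_seeds(int mixed, unsigned n, unsigned step_ms) {
    uint32_t seen[256];
    unsigned count = 0;
    const time_t t0 = 1300000000;      /* constructed start time */
    const uint32_t pid0 = 4000;        /* constructed first pid */
    if (n > 256) n = 256;
    for (unsigned i = 0; i < n; i++) {
        uint64_t ms = (uint64_t)i * step_ms;
        time_t sec = t0 + (time_t)(ms / 1000);
        uint32_t s = mixed ? seed_mixed(pid0 + i, sec, (uint32_t)(ms % 1000))
                           : seed_time_only(sec);
        unsigned j = 0;
        while (j < count && seen[j] != s) j++;   /* linear scan is enough here */
        if (j == count) seen[count++] = s;
    }
    return count;
}

int main(void) {
    struct timeval tv;
    gettimeofday(&tv, NULL);
    printf("time-only seed: %u\n", (unsigned)seed_time_only(tv.tv_sec));
    printf("mixed seed:     %u\n", (unsigned)seed_mixed((uint32_t)getpid(),
           tv.tv_sec, (uint32_t)(tv.tv_usec / 1000)));
    printf("distinct over 20 launches, 100 ms apart: %u vs %u\n",
           distinct_seeds(0, 20, 100), distinct_seeds(1, 20, 100));
    return 0;
}
```

Pid and wall-clock time are values an outside party can estimate, so this mix makes consecutive launches differ but does not make the seed unpredictable for uses such as hash table randomization.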
Change History (4)
comment:1 Changed 13 years ago by
comment:2 Changed 13 years ago by
Milestone: | 4.8.0 |
---|---|
Owner: | Jim Ursetto deleted |
Priority: | major → not urgent at all |
Status: | new → assigned |
Type: | defect → enhancement |
I guess it is not trivial; the core would not support it without some disruptive changes, i.e. risking compilation failures on unusual platforms.
1) gettimeofday is not available in core on non-UNIX platforms, even though it is available in both mingw and cygwin themselves. Maybe that is historical.
2) getpid is available on unix and windows but perhaps not elsewhere?
In short, there's no easy way to get the process pid or the usec since epoch at initialization time from runtime.c.
With regard to Peter's hash table security patch, which was the impetus for this ticket -- as it requires a random fixnum when SRFI-69 is loaded --, an ugly workaround should be to use the randomization key in make-hash-table, as in
(use random-bsd)
(make-hash-table eq? hash size randomization: (random-fixnum 536870912))
random-bsd only seeds its own generator, not the system one, so unfortunately you can't just load it and affect the random sequence generated by the core RNG.
I'll leave this open, but at the lowest possible priority.
comment:3 Changed 8 years ago by
Estimated difficulty: | → hard |
---|
comment:4 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed in CHICKEN 5 with the new RNG.
Even worse, (randomize) only generates a new result once every 1,000 seconds, as (current-seconds) is divided by 1000. I will aim to fix this as well.