This module is the convenience interface for the DRBG (NIST standardized
number-theoretically secure random number generator). Everything is setup
for using the crypto-api
CryptoRandomGen type class. For example,
to seed a new generator with the system secure random (
and generate some bytes (stepping the generator along the way) one would do:
gen <- newGenIO :: IO HmacDRBG let Right (randomBytes, newGen) = genBytes gen 1024
An alias for an HmacDRBG generator using SHA512. This is the recommended generator.
g :: GenXor a b generates bytes with sub-generators a and b
and exclusive-or's the outputs to produce the resulting bytes.
g :: GenAutoReseed a b is a generator of type a that gets
automatically reseeded by generator b upon every 32kB generated.
reseed g ent will reseed both the component generators by
breaking ent up into two parts determined by the genSeedLength of each generator.
genBytes will generate the requested bytes with generator
a and reseed
b if there has been 32KB of generated data since the last reseed.
Note a request for > 32KB of data will be filled in one request to generator
a is reseeded by
genBytesWithEntropy will push the entropy into generator
a, leaving generator
b unchanged unless the count hits 32KB, in which case it is reseeds
(for a second time) using
b as in normal operation via
g :: GenBuffered a is a generator of type
a that attempts to
maintain a buffer of random values size > 1MB and < 5MB at any time.
Because of the way in which the buffer is computed (at idle times) and information on the previous generator is lost, it basically is not possible to reseed this generator after a GenError.
Not that it belongs here, or that it is technically correct as an instance of
CryptoRandomGen, but simply because
it's a reasonable engineering choice here is a
GenSystemRandom that streams the system randoms. Take note: