Ch12.5: Security Considerations
Why These Random Sources Are Secure
The ibuf_white_hole_engine and platform-specific random sources are suitable
for cryptographic use because they:
- Read from OS entropy sources: They use the operating system's cryptographically secure random number generator, which collects entropy from hardware sources (timing jitter, hardware random number generators, etc.).
- Are unpredictable: Even if an attacker observes all previous outputs, they cannot predict future outputs.
- Have no hidden state: There's no global state that can be compromised. Each engine instance is independent and thread-safe.
- Securely clear memory: The internal buffer is wiped when the engine is destroyed, protecting cryptographic key material from memory dumps.
When to Use
- Generating cryptographic keys
- Creating secure tokens and session IDs
- Salting passwords
- Seeding PRNG engines for simulations or games
- Any security-sensitive application
When Not to Use Directly
- High-performance applications: When you need millions of random numbers per second, use a fast PRNG like ::std::mt19937 seeded from a secure source instead.
- Reproducible results: When you need to reproduce the same sequence for debugging or testing, use a seeded PRNG with a fixed seed saved to a file.
Common Mistake: Modulo Bias
Never use modulo (value % range) to generate random numbers in a
range. This creates biased distributions due to the pigeonhole principle.
Always use ::std::uniform_int_distribution or other distributions from
<random>. The distribution uses rejection sampling to ensure each value
in the range has exactly the same probability.
See Ch12.2: The Pigeonhole Principle for details.
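The bias described above, made exact in an added example (not code from this tutorial or the library). A constructed 8-bit `counter_engine` stands in for the secure engine so that every possible output is enumerated once; `biased_pick`, `unbiased_pick` and `histogram` are hypothetical helper names. The hand-written rejection loop only exposes the mechanism; production code should use ::std::uniform_int_distribution.

```cpp
#include <cstdint>
#include <iostream>
#include <vector>

// Constructed stand-in for a random engine: emits 0,1,...,255 and wraps.
// Enumerating every output once gives exact counts instead of statistics.
struct counter_engine {
    using result_type = std::uint8_t;
    static constexpr result_type min() { return 0; }
    static constexpr result_type max() { return 255; }
    result_type next = 0;
    result_type operator()() { return next++; }
};

constexpr unsigned span = 256;  // number of distinct engine outputs

// Biased: when span is not a multiple of range, the low residues
// receive one more source value than the high ones (pigeonhole).
unsigned biased_pick(counter_engine& eng, unsigned range) {
    return eng() % range;
}

// Unbiased: discard draws that fall in the incomplete final block,
// so every residue is backed by the same number of source values.
unsigned unbiased_pick(counter_engine& eng, unsigned range) {
    const unsigned limit = span - span % range;  // largest multiple of range <= span
    unsigned v;
    do { v = eng(); } while (v >= limit);
    return v % range;
}

// Count how often each result in [0, range) appears over `picks` calls.
std::vector<unsigned> histogram(unsigned (*pick)(counter_engine&, unsigned),
                                unsigned range, unsigned picks) {
    counter_engine eng;
    std::vector<unsigned> counts(range, 0);
    for (unsigned i = 0; i < picks; ++i) ++counts[pick(eng, range)];
    return counts;
}

int main() {
    // 256 picks consume every source value once; 252 picks consume every
    // accepted source value once (252..255 are rejected for range 6).
    for (unsigned c : histogram(biased_pick, 6, 256)) std::cout << c << ' ';
    std::cout << "<- value % 6\n";
    for (unsigned c : histogram(unbiased_pick, 6, 252)) std::cout << c << ' ';
    std::cout << "<- rejection sampling\n";
}
```

With a range of 200 the same modulo makes results 0 to 55 twice as likely as 56 to 199, which is the kind of skew that weakens tokens drawn from a small alphabet or index space.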
Key Takeaways
- ibuf_white_hole_engine is cryptographically secure and suitable for cryptographic applications.
- Use it for keys, tokens, passwords, and any security-sensitive application.
- For high-performance or reproducible needs, seed a fast PRNG with ::std::seed_seq from the secure engine.
- Never use modulo to generate numbers in a range; use distributions.
- The engine securely clears its buffer on destruction, protecting sensitive data.