The first criticism, while valid, is an anachronism as there wasn't Web Crypto when this RNG was written. The other criticisms are fully valid though and should at least make everyone do a double take whether this is fine for their needs or not.
>This is GRC's cryptographically strong PRNG (pseudo-random number generator)
Don't use it for security or crypto. A CSPRNG should not allow the internal state to be determined from observing the output. The hash function Mash() they use is not one-way and this break can reverse it. It does not provide prediction resistance or backtracking resistance.
The technical documentation claims stuff like that it disables bad sector allocation. That's actually a thing, but if you read the man page for some reputable software like hdparm you'll see a nice little note:
> Control of this feature via the -D option is not supported for most modern drives since ATA-4; thus this command may fail.
ATA-4 was standardized in 1998. It can probably actually disable write caching, but it's not like that's unique to SpinRite in the slightest. It's even trivial to change that on Windows which is otherwise horrible for anything low level involving disks. SpinRite doesn't even use LBA48 addressing so if your drive can't address the full capacity in ye olde CHS then too bad, but SpinRite will try to spin that as a problem with your BIOS, a problem with your SATA controller, etc.
I don't see why anyone respects anything he says given his long history of selling snake oil and other shyster tactics. Even the Wikipedia page for SpinRite looks astroturfed and the talk section has a bunch of responses from an unregistered user that all seem to have a similar tone and be suspiciously supportive of some of SpinRite's dubious claims.
If Steve Gibson told me that the sky was blue I think I'd have to go outside and check.
Here's an example of some hype I just found about a device he "invented" that is supposed to really put home routers through their paces, because he's the only one looking out for us. [1] Of course, it maybe doesn't exist, and his claims of what it's going to do sound far-fetched and misguided, but it sure does seem aimed to make him sound like a real security expert. Not sure if he ever made any claims about having evaluated any routers with it.
> Although mathematicians have been unable to determine how many different 26x26 [Latin] Squares can be created, they have been able to determine that the number is at least 9.337 x 10^426, or approximately 2^1418
Seems surprising that the number hasn't been calculated exactly. I'd have guessed it's a mechanically solvable but tedious combinatorics problem, but obviously not.
Also, I'm curious how they generate the Latin squares; their claims require a uniform distribution of some kind, which is interesting.
The problem is the entropy generation rate. A PRNG, even with a large space, typically runs at 10 Gbit/sec or better. PCG with 256/64-bit could generate decent numbers at 50 Gbit/sec.
So if your argument is that you want a big entropy PRNG to get more possible outputs then the generation rate can't be the problem because that's entirely dependent on you being able to generate a big enough seed.
Computing the cryptographic hash of a 1536-bit counter will have better properties (and less handwaving) than this function.
Like, I'm thinking of e.g. the Cloudflare lava lamp thing, and like, isn't that better in every way?
So pseudo removes total dependency on physical events.
Why you don't want to be dependent on physical events:
- You never know if physical events are truly random unless you test them. Your physical RNG source may be broken or compromised.
- A good strategy is to use multiple physical sources of randomness, and this can be any number of things, including modern CPUs with RDRAND (if you trust them), USB attached devices, sampling ADC noise on your sound card, timing network events, etc. Any/all of that has to be combined somehow anyway. Getting data from some of these may be slow.
- So if an operating system needs random numbers quickly, for SSL key generation, UUIDs, nonces, etc., it should use properly seeded pseudorandom numbers.
The PRNG in the linked page isn't very good but in general PRNGs are super useful in the real world even if they aren't truly random, just so long as they have some source of entropy to occasionally mix into the PRNG.
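To make the properties discussed in this thread concrete (a one-way state so output does not leak internal state, the hash-of-a-1536-bit-counter idea, and occasional mixing of fresh entropy), here is an added illustration that is not code from the thread or from GRC. It assumes a simple design of my own: SHA-256 over a secret key and a wide counter, a one-way key ratchet after each request, and an explicit reseed; it is not a NIST-specified DRBG, and the seed and "fresh entropy" values are constructed constants so the run is reproducible.

```python
import hashlib

COUNTER_BYTES = 1536 // 8  # the 1536-bit counter suggested in the thread


class HashCounterDRBG:
    """Output block i = SHA-256(key || counter_i). Illustrative only, not a
    NIST-specified DRBG: secret key, wide counter, one-way key ratchet after
    every request, and explicit reseeding are all assumed design choices."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(b"seed|" + seed).digest()
        self.counter = 0

    def random_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            ctr = self.counter.to_bytes(COUNTER_BYTES, "big")
            out += hashlib.sha256(self.key + ctr).digest()
            self.counter += 1
        # Backtracking resistance: replace the key with a one-way image of
        # itself, so reading the state later does not reveal past blocks.
        self.key = hashlib.sha256(b"ratchet|" + self.key).digest()
        return bytes(out[:n])

    def reseed(self, fresh_entropy: bytes) -> None:
        # Prediction resistance: entropy the attacker never saw is mixed in,
        # so later output is unpredictable even from a fully known old state.
        self.key = hashlib.sha256(b"reseed|" + self.key + fresh_entropy).digest()


def check_properties(seed: bytes = b"constructed demo seed") -> dict:
    """Checks the properties the thread asks for. Seed and 'fresh entropy'
    are constructed constants; real use seeds from the OS (os.urandom) and
    reseeds from a hardware or OS entropy source."""
    a, b = HashCounterDRBG(seed), HashCounterDRBG(seed)
    deterministic = a.random_bytes(64) == b.random_bytes(64)

    key_used = a.key
    block = a.random_bytes(32)
    b.random_bytes(32)  # keep the clone in step with a
    last_ctr = (a.counter - 1).to_bytes(COUNTER_BYTES, "big")
    honest = hashlib.sha256(key_used + last_ctr).digest() == block
    # Someone who dumps (a.key, a.counter) after the call cannot rebuild block
    backtracking_resistant = honest and hashlib.sha256(a.key + last_ctr).digest() != block

    a.reseed(b"constructed fresh entropy")
    prediction_resistant = a.random_bytes(32) != b.random_bytes(32)
    return {"deterministic": deterministic,
            "backtracking_resistant": backtracking_resistant,
            "prediction_resistant": prediction_resistant}
```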