Secure Randomness - llRandomBase64()
tracked
Lachesis Ethereal
string llRandomBase64(integer number_of_bits)
Generates number_of_bits random bits using a cryptographically secure random number generator (CS-PRNG or true randomness) and encodes them into a Base64 string. If number_of_bits is not a multiple of 6, up to 5 zero-bits are added for padding. The padding bits must not be random. Padding to full bytes is not a good idea, it will just cause people to immediately throw a llGetSubString() on top of this.
SECURITY
If a PRNG is used, its state must not be shared between scripts.
The PRNG may require/support (re-)seeding using a separate function
llSeedRandomBase64(string seed_material)
However, it is not feasible to demand the script to provide all the entropy. This is also why this function is so important for SL scripting.
RATIONALE
Without secure randomness, the use of cryptography in SL is extremely limited. You can use it for non-security-relevant purposes. You can sort-of comply with protocols, though you are undermining their intended security. You can rely on external services, which makes the SL experience more dependent on services that can go away any time.
SAMPLE IMPLEMENTATION
NOTE: Not recommended for practical use because of its weak entropy source.
Attachment seems to get rejected, I hope it accepts a paste: https://pastebin.com/k4Wrquhm
Log In
Spidey Linden
tracked
Issue tracked. We have no estimate when it may be implemented. Please see future updates here.
Kathrine Jansma
Just hook the function up to /dev/urandom (or getrandom() if you care about filesystem trickery...).
There is no real way to exhaust /dev/urandom anymore after the early boot stages, so exposing it to a script should be a non issue.
Wrapping the result in base64 helps to handle the binary data in a compact way in the string based LSL ecosystem of course.
Lachesis Ethereal
Bavid, a Mersenne Twister might be appropriate for you, if you are just looking for better statistical properties but don't need cryptographic level randomness. It's a much better RNG than most built-in ones, I've used it for a scientific simulator in the past. Don't use the one on the wiki, that's a flawed implementation.
Bavid Dailey
There is a noticeable problem in games that roll die in SL. The bias is apparent , but not fixable
I looked into this at length a long time ago, and found a random number generator website based on radioactive decay - alas gone now - and was able to use it in LSL, but it was onerous.
So I support the idea, if not the suggest implementation details