user5287986

Reputation: 121

Is there a C++11 CSPRNG?

As we know, the Mersenne Twister is not cryptographically secure:

Mersenne Twister is not cryptographically secure. (MT is based on a linear recursion. Any pseudorandom number sequence generated by a linear recursion is insecure, since from sufficiently long subsequence of the outputs, one can predict the rest of the outputs.)

But many sources, like Stephan T. Lavavej and even this website, still recommend it. The advice is almost always (verbatim) to use the Mersenne Twister like this:

auto engine = mt19937{random_device{}()};

They come in different flavors, like using std::seed_seq or complicated ways of manipulating std::tm, but this is the simplest approach.

Even though std::random_device is not always reliable:

std::random_device may be implemented in terms of an implementation-defined pseudo-random number engine if a non-deterministic source (e.g. a hardware device) is not available to the implementation. In this case each std::random_device object may generate the same number sequence.

The /dev/urandom vs /dev/random debate rages on.

But while the standard library provides a good collection of PRNGs, it doesn't seem to provide any CSPRNGs. I prefer to stick to the standard library rather than using POSIX, Linux-only headers, etc. Can the Mersenne Twister be manipulated to make it cryptographically secure?

Upvotes: 12

Views: 3607

Answers (1)

user1531083

Reputation: 770

Visual Studio guarantees that random_device is cryptographically secure and non-deterministic: https://msdn.microsoft.com/en-us/library/bb982250.aspx

If you want something faster or cross platform, you could for example use GnuTLS (http://gnutls.org/manual/html_node/Random-number-generation.html). It provides random numbers of adjustable quality. GNUTLS_RND_RANDOM is what you want, I think.

As several people already said, please forget about MT in cryptographic contexts.

Upvotes: 6
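An added illustration of the point made by the quote in the question and by this answer (example code, not from either poster): because std::mt19937 is a linear recurrence with an invertible output transform, anyone who observes 624 consecutive outputs can recover the state and predict everything that follows, so no seeding strategy (random_device, seed_seq or otherwise) can make it a CSPRNG. It assumes only the standard mt19937 parameters; `seen` is a constructed sample taken from a locally seeded engine.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <stdexcept>
#include <vector>
constexpr std::size_t N = 624, M = 397;                       // mt19937 n and m
constexpr std::uint32_t MATRIX_A = 0x9908b0dfu, UPPER = 0x80000000u, LOWER = 0x7fffffffu;

// Output tempering exactly as std::mt19937 applies it to each state word.
std::uint32_t temper(std::uint32_t y) {
    y ^= y >> 11;
    y ^= (y << 7) & 0x9d2c5680u;
    y ^= (y << 15) & 0xefc60000u;
    return y ^ (y >> 18);
}
// Inverse of temper(): each step is an invertible linear map on the 32 bits.
std::uint32_t untemper(std::uint32_t z) {
    z ^= z >> 18;                  // bits 18..31 were never touched: one pass
    z ^= (z << 15) & 0xefc60000u;  // mask bits 15 and 16 are zero: one pass
    std::uint32_t x = z;
    for (int i = 0; i < 5; ++i) x = z ^ ((x << 7) & 0x9d2c5680u);  // 7 bits per pass
    z = x;
    for (int i = 0; i < 3; ++i) x = z ^ (x >> 11);                 // 11 bits per pass
    return x;
}
// From the last 624 consecutive outputs of a std::mt19937 (seed unknown), return the
// next `count` outputs: untemper into state words, then run x[k+N] = x[k+M] ^ f(x[k], x[k+1]).
std::vector<std::uint32_t> predict_next(const std::vector<std::uint32_t>& seen, std::size_t count) {
    if (seen.size() < N) throw std::invalid_argument("need at least 624 outputs");
    std::vector<std::uint32_t> x, out;
    for (std::size_t i = seen.size() - N; i < seen.size(); ++i) x.push_back(untemper(seen[i]));
    for (std::size_t j = 0; j < count; ++j) {
        std::uint32_t y = (x[j] & UPPER) | (x[j + 1] & LOWER);
        std::uint32_t next = x[j + M] ^ (y >> 1) ^ ((y & 1u) ? MATRIX_A : 0u);
        x.push_back(next);
        out.push_back(temper(next));
    }
    return out;
}
// Seed as the question does (one 32-bit value), expose 624 outputs, check the next 100.
bool demo(std::uint32_t seed) {
    std::mt19937 engine(seed);
    std::vector<std::uint32_t> seen(N);                        // constructed sample
    for (auto& v : seen) v = static_cast<std::uint32_t>(engine());
    for (std::uint32_t p : predict_next(seen, 100))
        if (p != static_cast<std::uint32_t>(engine())) return false;
    return true;
}
int main() {
    std::cout << (demo(std::random_device{}()) ? "next 100 outputs predicted\n" : "failed\n");
}
```

The same recovery works no matter how good the seed is, which is why the practical answer is a dedicated CSPRNG (an OS-backed random_device or a crypto library) rather than a better-seeded MT.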
