On Tue, Mar 11, 2025 at 10:39 PM Jeremy Rifkin wrote:
>
> There is plenty of literature surrounding pseudorandom
> number generation and cryptographically secure pseudorandom
> number generation. No need to reinvent the wheel here. The
> question you should think about is whether you think people need
> CSPRNG like this at compile time.


Well if we want identical builds, i.e. to get the same output binary
file if we use the same compiler on the same source and header files,
then the random numbers cannot come from a true source of entropy
(such as the current fluctuations through a Zener diode in reverse
bias kept near its breakdown voltage). Instead, the random numbers
will have to be mathematically generated.

And I suppose that means either:
    a) Feed sequential numbers followed by a salt into a hash
algorithm such as MD5
    b) Encrypt sequential numbers with an encryption algorithm such as
Rijndael (better known as AES)

A last possibility would be to use some sort of pre-made list of
random numbers. For example generate 10 million random bytes and save
them to "rands.bin" and then have the compiler read from it. The only
problem then would be parallel builds, whereby the random numbers
might be taken in a different order.