As the first step in the decommissioning of sasCommunity.org the site has been converted to read-only mode.


Here are some tips for How to share your SAS knowledge with your professional network.


Tips Talk:Do not use SAS random numbers for encryption

From sasCommunity
Jump to: navigation, search

This tip would be substantially strengthened if there was actual SAS code which could be pointed to to implement the approaches suggested. I seem to recall that there have been some publications about the weaknesses in the random numbers in SAS and my recollection is that different syntax uses different algorithms. It would be helpful if there were links to this background to substantiate the weaknesses in SAS. --Phil Miller (STATPROF) 13:10, 4 May 2009 (UTC)

Agree with Phil. Could you consider adding a page with additional details that you could link to? --Don Henderson 02:27, 8 May 2009 (UTC)

A valuable tip. Pseudo-random number generation is not secure because it can be duplicated.
Charlie Shipp 01:13, 2 June 2009 (UTC)

Hi guys, I will try to look for some papers on this. Sorry for not replying for such an extended period as I am very busy with projects. I appreciate all the comments for this tip and will start working on this when I have time.--Murphy Choy 19 June 2009


Following Wikipedia, I was interested to read the National Institute of Standards and Technology (NIST) Computer Security Division (Computer Security Resource Center) indicates they know of several approved 'deterministic' random number generators, but no 'true' random number generators. I would bet that encryption needs not be too secure for most purposes. Are there some examples of areas where encryption would be important? Maybe to keep corporate patent secrets?
http://csrc.nist.gov/groups/ST/toolkit/random_number.html
Charlie Shipp 06:02, 30 June 2009 (UTC)


It's when you think you are secure you let your guard down and secrets are stolen. Charlie Shipp 15:00, 24 July 2009 (UTC)


This tip has been here since May .!. What is the procedure now? Charlie Shipp 00:21, 24 October 2009 (UTC)


It would be good if there is a real application for this tip. Liang Xie


As needed, some will see the application: corporate/other proprietary information. Charlie Shipp 01:35, 5 February 2010 (UTC)