Ever since I started that thread, I was wondering about whether or not to translate the utility into C++11 and post it as an article.
What stopped me back then was that the random library in GCC was incomplete.
What stops me now is that I'm unsure if PRNG's can be trusted to do a job as good as "true" RNG's. What's worse, one does not simply securely store the one-time pad information on a computer.
I think you're confusing the probability distribution with the actual distribution of a finite number of samples. An ideal coin is both truly random and uniformly distributed, but it's possible to encounter a different number of heads and tails after a finite number of tosses. The uniformity merely implies that heads(n)/tails(n) tends to 1 as n tends to ∞.
True, for this case I guess either library is adequate. Boost just has some better (very) long period deterministic generators. I'm not so clear on why the whole of that boost library was not included into C++11...
The question remains (and perhaps I should have made it clearer in the first post) how secure would it be, cryptographically, for a program to use the C++11 random library to generate one-time pads?
That's the basis of the XOR encryptor: for any file to be encrypted generate a file of exactly the same size filled with "random" data then XOR them to create the "ciphertext", if you will.
I'm trying to understand if I would be lying to readers by claiming that the method is secure. (Obviously side channel attacks and snooping are a different topic.)