Dependency on random.org on Windows
RandomDotOrgSeedGenerator (and by extension DefaultSeedGenerator) has a hard dependency on random.org. This is both ill-advised, as this opens a security avenue of attack, and causes problems on days when random.org is down, such as this morning.
This morning on Windows, GA optimization started failing with a NumberFormatException, because random.org output (this morning, only an error page) is attempted to be parsed as a number. This is a terrible idea. Java has built-in SecureRandom features; these should be used to generate random seeds on non-Unix systems.
Thanks for the feedback. When I wrote this many years ago, I was more concerned with getting a good source of entropy for simulations. The DefaultSeedGenerator is just a convenience to try the seed sources in the order that I preferred for the programs I was writing at the time.
These RNGs are not intended to be used (and should not be used) for sensitive applications such as cryptography or online poker so the hypothetical of random.org being compromised wasn't a priority concern. If it's a concern for you, you can just pass a different SeedGenerator.
The implementation should handle the NumberFormatException more gracefully though. This is an issue for uncommons-maths rather than the Watchmaker Framework so I'll close this issue and open one there.
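The failure mode discussed in this thread, as an added example that is not code from uncommons-maths or the Watchmaker Framework: a remote seed response is parsed defensively, so an error page becomes a recoverable failure and the chain falls back to `java.security.SecureRandom`. The `SeedSource` interface, `SeedUnavailableException` and the one-decimal-byte-per-line response format are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.List;

public class SeedFallbackExample {
    /** Hypothetical stand-in for a seed source; not the uncommons-maths interface. */
    interface SeedSource { byte[] generateSeed(int length) throws SeedUnavailableException; }

    static class SeedUnavailableException extends Exception {
        SeedUnavailableException(String msg, Throwable cause) { super(msg, cause); }
    }

    /** Parses a remote body assumed to hold one decimal byte value (0-255) per line. */
    static byte[] parseRemoteBytes(String body, int length) throws SeedUnavailableException {
        String[] lines = body.trim().split("\\R");
        byte[] seed = new byte[length];
        try {
            for (int i = 0; i < length; i++) {
                if (i >= lines.length) throw new SeedUnavailableException("short response", null);
                int v = Integer.parseInt(lines[i].trim());
                if (v < 0 || v > 255) throw new NumberFormatException("out of range: " + v);
                seed[i] = (byte) v;
            }
        } catch (NumberFormatException e) {
            // An error page or other non-numeric body becomes a checked, recoverable failure.
            throw new SeedUnavailableException("remote response was not numeric", e);
        }
        return seed;
    }

    /** Tries each source in order; the last one should be local and always available. */
    static byte[] firstAvailable(List<SeedSource> sources, int length) throws SeedUnavailableException {
        SeedUnavailableException last = null;
        for (SeedSource s : sources) {
            try { return s.generateSeed(length); }
            catch (SeedUnavailableException e) { last = e; } // remember why, try the next source
        }
        throw new SeedUnavailableException("no seed source available", last);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: what a remote service might return while it is down.
        String errorPage = "<html><body>503 Service Unavailable</body></html>";
        SeedSource remote = n -> parseRemoteBytes(errorPage, n);
        SeedSource local = n -> new SecureRandom().generateSeed(n);
        byte[] seed = firstAvailable(List.of(remote, local), 16);
        System.out.println("seed bytes obtained: " + seed.length);
    }
}
```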