by olegkikin 3095 days ago
So is this a good PRNG?

    f(i) = SHA256(i + salt)
5 comments

Discussion: https://crypto.stackexchange.com/questions/9076/using-a-hash...

& http://xoroshiro.di.unimi.it makes reference to how, on x86 CPUs with AES, one could get a very fast PRNG similar to what you're implying.

As a change of 1 bit in an input ideally flips half the bits of the output for a cryptographic hash, this scheme should work.

See also https://en.wikipedia.org/wiki/Fortuna_(PRNG)

I don't know much about this stuff, but I think that this would be considered overkill (and thus too slow) if you don't need crypto-level randomness. But other than that it should be really good.

Random, sure. Uniformly distributed? Not sure.

My understanding is that to the extent it's not uniformly distributed, that's viewed as a cryptographic vulnerability.

A PRNG usually doesn’t have parameters once seeded. What’s i in your scheme?

If you’re asking if you can make a good PRNG out of cryptographic primitives, yes, that’s what happens in the bowels of OS CSPRNGs. But a bit more involved.

No. A feature of a good PRNG is that it should not be predictable. If the salt is weak enough to be cracked, that PRNG can be reversed and predicted.

The salt is the seed. Presumably initialized with /dev/random or whichever system entropy source is available. Any PRNG is weak if the seed is weak.