Differences between version 5 and previous revision of RandomNumberGenerator.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 5 | Last edited on Thursday, March 25, 2004 2:04:11 pm | by AristotlePagaltzis | Revert |
| Older page: | version 4 | Last edited on Thursday, March 25, 2004 8:14:36 am | by StuartYeates | Revert |
@@ -1,21 +1,19 @@
-A RandomNumberGenerator is either a piece of hardware or software that generates random numbers in the widest sense. There are many different approaches, however, the biggest distinction is between true random number and pseudorandom number generators.
-
-RandomNumberGenerator
is crucial to applications in [Cryptography]: if an attacker can guess the sequence of "random" numbers used to generate keys or other variables for your algorithm, he gets an important foot in the door for cracking your communication -- or can even walk right in.
+A RandomNumberGenerator is either a piece of hardware or software that generates random numbers in the widest sense. A good one
is crucial to applications in [Cryptography]: if an attacker can guess the sequence of "random" numbers used to generate keys or other variables for your algorithm, he gets an important foot in the door for cracking your communication -- or can even walk right in. There are many different approaches for [RandomNumberGenerator]s, however, the biggest distinction is between true vs pseudorandom number generators
.
!!! True random number generators
-These __must__ be hardware. A variety of approaches for their design exist, but listening to white noise or radioactive decay seem to be the most popular ones. There are a number of publicly queriable true random number generators on the web, such as [http://www.random.org/] and [http://www.fourmilab.ch/hotbits/].
+These __must__ be hardware by definition
. A variety of approaches for their design exist, but listening to white noise or radioactive decay seem to be the most popular ones. There are a number of publicly queriable true random number generators on the web, such as [http://www.random.org/] and [http://www.fourmilab.ch/hotbits/].
!!! Pseudorandom number generators
-A pseudo random number generator such as offered by the random(3) and rand(3) of the [C] standard
library generates numbers using mathematical algorithms
. Such a generator has a "period", which means that it produces a repeating sequence of numbers. With a good algorithm, the period length can well reach billions of numbers.
+A pseudo random number generator such as offered by the random(3) and rand(3) functions
of the standard
[C] library generates numbers using mathematical [Algorithm]s
. Such a generator has a "period", which means that it produces a repeating sequence of numbers. With a good algorithm, the period length can well reach billions of numbers.
-However, this
is difficult terrain and
requires thorough understanding of statistics and very sharp math skills. __Do not attempt to roll your own.__ Most naive attempts at handrolled pseudorandom number generators have alarmingly short period lengths. Often, hapless programmers will lump
together two different algorithms with decent period lengths each to get an "improved" one
-- which usually results in
a generator with a ''shorter'' period!
+However, designing such an algorithm
is difficult terrain which
requires thorough understanding of statistics and very sharp math skills. __Do not attempt to roll your own.__ Most naive attempts at handrolled pseudorandom number generators have alarmingly short period lengths. Often, hapless programmers will try to make a "better" generator by lumping
together two different algorithms with decent period lengths each -- but the result is almost inevitably
a generator with a ''shorter'' period!
-Note that true randomness is not always desirable. Random number sequences often have certain specific characteristics which make them better suited as input to certain kinds of statistical algorithm, because they cause a far faster convergence toward the same final result than truly random numbers could. Truly random numbers also make debugging much harder for obvious reasons; if you want to verify an algorithm, you want to be able to replay number sequences as necessary. On the other hand, you will usually need a statistically decently random sequence to examine the longterm behaviour of the algorithm.
+Note that true randomness is not always desirable. Random number sequences often have certain specific characteristics which make them better suited as input to certain kinds of statistical algorithm, because they cause a far faster convergence toward the same final result than truly random numbers could. Truly random numbers also make debugging much harder for obvious reasons; if you want to verify an algorithm, you want to be able to replay "random"
number sequences as necessary. On the other hand, you will usually need a statistically decently random sequence to examine the longterm behaviour of the algorithm, so just using a sequence with regular characteristics wouldn't work
.
So there are many areas where pseudorandom numbers are actually more desirable than truly random ones.
!!! Hybrids
In [Unix] systems, there's commonly a __/dev/random__ device to access a pseudorandom number generator. This generator however includes a twist that lets it generate higher quality random numbers than otherwise expected: its seed is periodically perturbed using using low-level timing information from the network, mouse, keyboard, and possibly other entropy sources, which only the [Kernel] has proper access to. It is generally considered a sufficiently good generator for everything except the random numbers to be used in cryptographic suituations PublicKey generation.
