[Mono-list] Random

Ben Adida ben@mit.edu
Tue, 31 Jul 2001 18:24:07 -0400

[pedantic mode on]

Every practical random number generator is a pseudo-random number 
generator in that it's not actually collecting data from a really random 
source like cosmic radiation, it's generating pseudo-randomness from an 
initially reproducible "seed."

System.Random probably uses a very simple modular multiplication means 
of generating randomness with a fairly short (in cryptographic terms) 
cycle. It's much like the rand() call in Unix, or the default random in 
Java, too. The stuff in the Cryptography library is probably a much more 
secure means of generating random numbers, using secure hashing like 
SHA1 or MD5 to take the seed from one state to the next.

The reason the default random is not that secure is that a secure PRNG 
is processor-intensive to seed and run. So they made the same decision 
the Java guys made: if you want randomness that doesn't need to be 
cryptographically strong, use the default stuff. If you understand the 
issues of secure random generation, use the crypto library.


PS: I believe the Java secure PRNG seeds itself (if you choose to 
auto-seed it rather than providing your own secure seed) by spawning 
tons of threads and observing the various scheduler timings of how the 
threads yield to one another for about 20 seconds. This is not random, 
it's irreproducible, which is what you want for the seed. And it 
obviously takes a while. And of course, it might be patented.

[pedantic mode off]

Matthew S. Ford wrote:

> I was browsing through Microsoft's classes for dotNET and found out 
> that the System.Random() is a pseudo random number generator.
> Their real random number generators are in 
> System.Security.Cryptography derived classes of RandomNumberGenerator.
> From,
> Matthew S. Ford
> _______________________________________________
> Mono-list maillist  -  Mono-list@ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list