How do computers generate random numbers?

73 点作者 sunny--tech超过 3 年前

22 条评论

It's a good introductory write up, but there are 3 things about it that frustrated me to no end.> "As a human, I can do this very easily. 100101011010010110001101 There, I just did it.No, you didn't. That number is most certainly not random, there are biases in it, you just don't know there are. Your mind is not random. This is why we use dice and not people to generate random bits.> What do you mean by “kind of random number”? Aren’t all random numbers the same. Not really. There are two primary types of random number generators.I growled audibly at this one. Random numbers should all be the same. In quality, not quantity, of course. There should be no discernible difference. There is one kind of random number, only different types of generators, with a PRNG if the seed is provably destroyed there should be absolutely no way to distinguish between a number generated by a PRNG and a TRNG.> The computer hardware isn’t the only source of entropy. The user’s own mouse and keyboard movements can be used as well.No. These movements are not random. Similar to my first gripe, your brain is not random. We used to use this approach to generate entropy and now we don't because this is understood, "random" user inputs should absolutely never be used to generate randomness in anything security related.> Despite the benefits of CSPRNGs, as with everything else in the tech industry, security can never be guaranteed.I'm glad you pointed this out. Everything in cryptography is based on unproven axioms, this is an important point that people should understand, it could be that P=NP, it could be that an algorithm exists to factor numbers to primes, we think not but really we don't know.

评论 #28459401 未加载

评论 #28464182 未加载

评论 #28459929 未加载

评论 #28461324 未加载

评论 #28460148 未加载

评论 #28464981 未加载

评论 #28465299 未加载

评论 #28459261 未加载

xkeysc0re超过 3 年前

Writing your own random number generator can be a lot of fun. Lots of sources of entropy out there. Inspired by lavarand[0], I wrote an RNG in Python based on the output of the Global Conscousness Dot[1] (which is a ridiculous project in its own right). There's a lot of ways to visualize and ascertain how "random" your numbers are as well, whether plotting Pearson's with matplotlib or using a command line tool like ent[2] to calculate the degree of entropy.[0] <a href="https://en.wikipedia.org/wiki/Lavarand" rel="nofollow">https://en.wikipedia.org/wiki/Lavarand</a>[1] <a href="https://gcpdot.com/" rel="nofollow">https://gcpdot.com/</a>[2] <a href="https://manpages.ubuntu.com/manpages/bionic/man1/ent.1.html" rel="nofollow">https://manpages.ubuntu.com/manpages/bionic/man1/ent.1.html</a>

评论 #28459515 未加载

评论 #28458815 未加载

评论 #28459579 未加载

Someone超过 3 年前

“The most common algorithms used for PRNGs are linear congruential generators”I doubt that is still true for ‘modern’ languages. Let’s google a few.<a href="https://docs.microsoft.com/en-us/dotnet/api/system.random?view=net-5.0" rel="nofollow">https://docs.microsoft.com/en-us/dotnet/api/system.random?vi...</a> says “The current implementation of the Random class is based on a modified version of Donald E. Knuth's subtractive random number generator algorithm”. So, that’s a no.<a href="https://rust-random.github.io/book/guide-rngs.html" rel="nofollow">https://rust-random.github.io/book/guide-rngs.html</a> doesn’t appear to mention multiplicative algorithms, either.<a href="https://developer.apple.com/documentation/swift/systemrandomnumbergenerator" rel="nofollow">https://developer.apple.com/documentation/swift/systemrandom...</a> says “SystemRandomNumberGenerator is automatically seeded, is safe to use in multiple threads, and uses a cryptographically secure algorithm whenever possible.”

评论 #28471360 未加载

SavantIdiot超过 3 年前

I've been working with the NIST 800-22 evaluation suite [1] and yes, it is very hard. There are an infinite number of tests to determine if a number is random. Ultimately it comes down to probability that it is a good RNG/PRNG and the application. Ironically, if a PRNG is good enough, it can often be BETTER than a random source (which is why RNGs have a conditioning phase).[1] <a href="https://csrc.nist.gov/Projects/Random-Bit-Generation/Documentation-and-Software/Guide-to-the-Statistical-Tests" rel="nofollow">https://csrc.nist.gov/Projects/Random-Bit-Generation/Documen...</a>

评论 #28459607 未加载

lscharen超过 3 年前

I'll take this opportunity to link to Luc Devroye's freely available book "Non-Uniform Random Variate Generation".<a href="http://www.nrbook.com/devroye/" rel="nofollow">http://www.nrbook.com/devroye/</a>An undergraduate algorithms + statistics class is sufficient to get a lot out of this book, even if it's just exposure to the wide variety of techniques for generating random numbers on a computer.

Borrible超过 3 年前

Use leftovers. They're all over the Universe.<a href="https://www.researchgate.net/publication/283762433_The_Cosmic_Microwave_Background_Radiation_Power_Spectrum_as_a_Random_Bit_Generator_for_Symmetric_and_Asymmetric-Key_Cryptography" rel="nofollow">https://www.researchgate.net/publication/283762433_The_Cosmi...</a>

simonblack超过 3 年前

Two basic ways:Computed:NOT truly random. Way back in the late 70s, I had a BASIC program that used to output the very same set of 8-digit 'random' numbers every time the program was used.(Unless you did a special thing the first time, to obtain a random seed to generate a different sequence of pseudo-random numbers. IIRC, it was the number of machine cycles since the last time the floppy disk was accessed.)Hardware:Truly random: The machine counts machine cycles with a small maximum number before it overflows and restarts at zero. The machine looks at the time difference between things like key presses, or disk-spins, or something else that varies in time.No matter how good you are the variation in time between your key-presses is never the same at the very small time-flow level. That number is used as a seed to a pseudo-random generator.

dragontamer超过 3 年前

A modern "pseudo random number" is simply a sequence of numbers that visits the state-space in an order that's difficult to detect with modern statistical tests. (Chi-squared, among others). See PractRand or TestU01 as two packages for testing these sequences. That is to say: instead of the sequence "0, 1, 2, 3, 4, 5... 4294967296... 0", your RNG will do some other sequence.Yes, "0, 3, 6, 9... 4294967295, 2, 5, 8... 4294967294, 1, 4, 7... 4294967293, 0, 3..." is a RNG of sorts, but an example of a really, really bad one that would instantly fail most statistical tests. :-) But conceptually, the Mersenne Twister, LCGRNG, and LSFR all accomplish this. Its a "reordering" of the sequence. That's it.A "cryptographic random number" just adds a few additional tests to the pool of statistical tests. In particular: differential cryptography gets into the nitty gritty about which bits can predict the results of other bits. You have to assume that the "opponent" is willing to use extraordinary amounts of computing power to detect patterns.If bit#25 has a 51% correlation with bit#30, you fail cryptographic random numbers. You need to be within 2^128 (at least) worth of security or more. That means a near 50% correlation (maybe 50.00000000001% is fine) between bits and future bits.For example: the sequence: {AES(0, key), AES(1, key), AES(2, key)... AES(2^128, key), AES(0, key)...} is a cryptographically secure random number generator. The sequence will loop after its 128 bits of state are exhausted. If the "opponent" doesn't know the key, the bitwise correlations are cryptographically sound (thanks to the hard work of the engineers behind AES).A true random number generator is just a cryptographic number generator applied to a truly random seed. White noise generators are a well known electronic-engineer trick: resistor noise is everywhere but is rather small (but you can build a white-noise generator from Johnson Nyquist noise if you really wanted). More likely, you use shot-noise from a transistor junction, at least at the hobbyist level.Intel / AMD have true random number generators from some kind of electrical noise generator on every CPU, which feeds into cryptographic random number generators.There are other sources of noise: radiation is a well known one but I'm not sure if they're practical.There's a "speed limit" to white noise generators. You only can extract so much entropy from them in a given time (ex: Remember: CPUs operate at 4GHz, or 0.25 nanoseconds per clock tick). Cryptographic random number generators "stretch" the true seed of randomness, while the white-noise generator continues to grab more entropy.

评论 #28459152 未加载

评论 #28458865 未加载

rrauenza超过 3 年前

I'm trying to remember a technique based on listening to static or whitenoise and taking the least significant bit. You then take that stream of bits and postprocess it by looking for bit changes and don't use them directly.That's a vague and I'm sure inaccurate description, but it isn't enough for me to google it ... anyone know what I'm referring to?

评论 #28460209 未加载

mjreacher超过 3 年前

"Anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin."- John von Neumann

hdivider超过 3 年前

PCIe and USB cards like this are available, generating TRNs using quantum optics:<a href="https://www.idquantique.com/random-number-generation/products/quantis-random-number-generator/" rel="nofollow">https://www.idquantique.com/random-number-generation/product...</a>

anotherevan超过 3 年前

“The generation of random numbers is too important to be left to chance.” — Robert R. Coveyou

qq4超过 3 年前

I always wanted a Geiger counter for experiments like this.

评论 #28460565 未加载

kerblang超过 3 年前

Did we ever resolve the flame war over /dev/random vs /dev/urandom? I recall puzzling over endless threads of no-you're-wrong

comeonseriously超过 3 年前

Back in the day, IIRC, you could set a sound blaster to generate white noise, then use that as either random number or input to your RNG algo.

dunefox超过 3 年前

I was asked to implement a random number generator in an interview not too long ago. This article should help...

评论 #28472591 未加载

评论 #28469081 未加载

jason_s超过 3 年前

I lost interest at "The most common algorithms used for PRNGs are linear congruential generators."

fnord77超过 3 年前

I thought this was a solved problem for at least a decade with CPU instructions like `RDRAND`

评论 #28458873 未加载

sunny--tech超过 3 年前

Link to bypass paywall: <a href="https://betterprogramming.pub/generating-random-numbers-is-a-lot-harder-than-you-think-b121c3e75d08?source=friends_link&sk=508f781bd2b7e0fc279950284c5a49ae" rel="nofollow">https://betterprogramming.pub/generating-random-numbers-is-a...</a>

评论 #28460374 未加载

abnry超过 3 年前

Obligatory XKCD: <a href="https://xkcd.com/221/" rel="nofollow">https://xkcd.com/221/</a>And also Dilbert: <a href="https://dilbert.com/search_results?terms=Random+Number+Generator" rel="nofollow">https://dilbert.com/search_results?terms=Random+Number+Gener...</a>

dekken_超过 3 年前

some might say, it's impossible.

chipuni超过 3 年前

I just use the XKCD random number generator:<a href="https://xkcd.com/221/" rel="nofollow">https://xkcd.com/221/</a>