[erlang-questions] Erlang random number generator weak?

Steven Grady sgrady@REDACTED
Thu Nov 20 03:45:13 CET 2008


On Nov 12, 2008, at 1:40 PM, Robert Virding wrote:

> Note that the number sequence from random is in fact quite good, it  
> uses a good algorithm. *BUT* it is deterministic if you know one  
> number/seed, so while it is perfectly ok for simulation and such, it  
> is *NOT* safe to use for cryptographic purposes!

Actually, as Bob Ippolito pointed out, it's not good.

The suggested method for seeding the random # generator is with the  
output of now/0.  But it doesn't do that great a job.  For instance:

9> random:seed(1227,148109,510934).
{10546,1383,21000}
10> random:uniform().
0.7772113669872482
11> random:uniform().
0.940382527663111
12> random:uniform().
0.9099172311315766
13> random:uniform().
0.4748388276068418
14> random:seed(1227,148109,450288).
{10546,1383,21000}
15> random:uniform().
0.7772113669872482
16> random:uniform().
0.940382527663111
17> random:uniform().
0.9099172311315766
18> random:uniform().
0.4748388276068418

Note that lines 9 and 14 use _different_ seeds, as might come out of  
now/0. But the random generator still generates the same values.

Instead, use crypto.  Bonus: no seeding required.

	Steven
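
Added example, not part of the original message or of Erlang/OTP: a Python model of the seeding arithmetic that shows why the two seeds in the session above give the same stream. It assumes the Wichmann-Hill AS183 moduli and multipliers with each seed argument reduced modulo its prime, which reproduces the values printed in the session; the function names are hypothetical.

```python
# Added illustration: models the seeding arithmetic of Erlang's old `random`
# module (Wichmann-Hill AS183). The constants are an assumption checked
# against the shell session in the message; function names are hypothetical.
from math import trunc

PRIMES = (30269, 30307, 30323)      # AS183 moduli
MULTIPLIERS = (171, 172, 170)       # AS183 multipliers


def reduce_seed(a1, a2, a3):
    """Effective internal state after seed/3: each argument modulo its prime."""
    return tuple(abs(a) % p for a, p in zip((a1, a2, a3), PRIMES))


def uniform_stream(state, count):
    """Return `count` outputs, each computed from the state before it steps."""
    out = []
    for _ in range(count):
        r = state[0] / PRIMES[0] + state[1] / PRIMES[1] + state[2] / PRIMES[2]
        out.append(r - trunc(r))
        state = tuple((s * m) % p
                      for s, m, p in zip(state, MULTIPLIERS, PRIMES))
    return out


def distinct_microsecond_states():
    """Internal values reachable from the 1,000,000 microsecond readings."""
    return len({us % PRIMES[2] for us in range(1_000_000)})


# Seeds from lines 9 and 14 of the session (values taken from the message).
SEED_A = (1227, 148109, 510934)
SEED_B = (1227, 148109, 450288)

if __name__ == "__main__":
    print(reduce_seed(*SEED_A), reduce_seed(*SEED_B))   # identical states
    print(uniform_stream(reduce_seed(*SEED_A), 4))      # matches lines 10-13
    print(distinct_microsecond_states())
```

The third arguments differ by 60646 = 2 * 30323, so they reduce to the same state; the microsecond field of now/0 can select only 30323 different values for that component.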
