[erlang-questions] Erlang random number generator weak?
Steven Grady
sgrady@REDACTED
Thu Nov 20 03:45:13 CET 2008
On Nov 12, 2008, at 1:40 PM, Robert Virding wrote:
> Note that the number sequence from random is in fact quite good, it
> uses a good algorithm. *BUT* it is deterministic if you know one
> number/seed, so while it is perfectly ok for simulation and such, it
> is *NOT* safe to use for cryptographic purposes!
Actually, as Bob Ippolito pointed out, it's not good.
The suggested method for seeding the random # generator is with the
output of now/0. But it doesn't do that great a job. For instance:
9> random:seed(1227,148109,510934).
{10546,1383,21000}
10> random:uniform().
0.7772113669872482
11> random:uniform().
0.940382527663111
12> random:uniform().
0.9099172311315766
13> random:uniform().
0.4748388276068418
14> random:seed(1227,148109,450288).
{10546,1383,21000}
15> random:uniform().
0.7772113669872482
16> random:uniform().
0.940382527663111
17> random:uniform().
0.9099172311315766
18> random:uniform().
0.4748388276068418
Note that lines 9 and 14 use _different_ seeds, as might come out of
now/0. But the random generator still generates the same values.
Instead, use crypto. Bonus: no seeding required.
Steven
More information about the erlang-questions
mailing list