• (cs)

    But... rand() & 16 is either 0 or 16!

  • (cs)

    Does a higher entropy mean more ordered? or less ordered? Ouch, I'm getting chaos in my head. This looks all random to me.

  • (cs) in reply to GettinSadda
    GettinSadda:
    But... rand() & 16 is either 0 or 16!
    Agreed - shouldn't that be: & 15 ???
  • (cs)

    Wonderful!

  • (cs) in reply to GettinSadda
    GettinSadda:
    But... rand() & 16 is either 0 or 16!
    Winner! But the 0 and 16 are completely random
  • (cs) in reply to TheRider
    TheRider:
    Does a higher entropy mean more ordered? or less ordered? Ouch, I'm getting chaos in my head. This looks all random to me.

    Yes :-)

  • (cs)

    This reminds me of the much easier implementation I have seen somewhere (but, alas, can't remember where):

    int function random() {
        //definite random value as defined by a dice roll
        return 4;
    }
  • monkey_code_hack (unregistered) in reply to TheRider

    XKCD http://xkcd.com/221/

  • tag (unregistered)
  • (cs)

    http://xkcd.com/221/ of course ;-)

    EDIT: Ok, beaten to it twice!

  • Bernie (unregistered)

    Cloud computing sounds random to me; we should obviously hit the network whenever we need a random value.

  • Brompot (unregistered)

    The interesting thing is, if you give it the same seed, it will produce the same 'random' number each time. Now for a randomizer for the seed ;-)

  • Vollhorst (unregistered) in reply to ahnfelt
    ahnfelt:
    http://xkcd.com/221/ of course ;-)

    EDIT: Ok, beaten to it twice!

    And that frightens me the most...

  • krupa (unregistered)

    But... how can you ever get enough entropy when it's always increasing in the universe? Shouldn't that be an infinite loop?

  • tragomaskhalos (unregistered) in reply to TheRider
    TheRider:
    This reminds me of the much easier implementation I have seen somewhere (but, alas, can't remember where):
    int function random() {
        //definite random value as defined by a dice roll
        return 4;
    }

    In Oceans13.dll (http://www.imdb.com/title/tt0496806/) ?

  • (cs) in reply to ahnfelt
    ahnfelt:
    http://xkcd.com/221/ of course ;-)

    EDIT: Ok, beaten to it twice!

    I think we have a new record!

    The time between a new WTF article and first reference to XKCD...

  • (cs)

    Just in case some people may not be clear on the need for "random" numbers to be as close to really random as possible:

    In most applications, like Windows solitaire or even playing good ol' rogue, it doesn't really matter. BUT, I'm sure many of us could think of scenarios where someone could take your money/secrets/whatever by predicting the "random" number. For example, generating crypto keys, or dealing cards in an online gambling site. In such cases, you don't want to settle for plain old "rand() seeded with the time". Most trivial psuedo-random-number generators (PRNGs) are so mechanistic that given a few outputs, the next output can be predicted with high confidence. Usually it's a simple function of the previous value. A more-random (i.e., closer to truly random) generator will incorporate additional "entropy" (no I'm not going to explain that). There are assorted tests for how random a RNG/PRNG's output is.

  • Carlos92 (unregistered)

    The worst thing is that if you happen to run code that tries to increase randomness in an environment where you have a hardware-entropy based random number generator, the code actually consumes the entropy!

  • (cs) in reply to DaveAronson
    DaveAronson:
    There are assorted tests for how random a RNG/PRNG's output is.
    Yes. And these tests usually involve the statistical analysis of a set of values generated from the randomizer under scrutiny.
  • Mee (unregistered) in reply to DaveAronson
    DaveAronson:
    Just in case some people may not be clear on the need for "random" numbers to be as close to really random as possible:

    In most applications, like Windows solitaire or even playing good ol' rogue, it doesn't really matter. BUT, I'm sure many of us could think of scenarios where someone could take your money/secrets/whatever by predicting the "random" number. For example, generating crypto keys, or dealing cards in an online gambling site. In such cases, you don't want to settle for plain old "rand() seeded with the time". Most trivial psuedo-random-number generators (PRNGs) are so mechanistic that given a few outputs, the next output can be predicted with high confidence. Usually it's a simple function of the previous value. A more-random (i.e., closer to truly random) generator will incorporate additional "entropy" (no I'm not going to explain that). There are assorted tests for how random a RNG/PRNG's output is.

    In the right place I would be reading that and nodding to myself. As a reply to this piece of code, not so much, it just sounds like you are repeating something smart you said because that piece of code does not DO that.

  • (cs) in reply to Carlos92
    Carlos92:
    The worst thing is that if you happen to run code that tries to increase randomness in an environment where you have a hardware-entropy based random number generator, the code actually *consumes* the entropy!
    For this reason when I do any form of randomizing in code that may be included in such a system I add ^rand() to the new seed as this factors back in the original randomness
  • (cs) in reply to Bernie
    Bernie:
    Cloud computing sounds random to me; we should obviously hit the network whenever we need a random value.
    Now you're talking. Hit Google with a random query and hash the results html page. This should give you a truly random number.
  • (cs)

    What would improve this program?

    A. More entropy B. Less entropy C. More randomness D. More cowbell E. None of the above

  • moola (unregistered) in reply to tag
    tag:

    why noone fills in title attribute when reposting images from xkcd

  • Goofy McCheese (unregistered)

    If you really want to increase the entropy: http://www.fourmilab.ch/hotbits/

  • someone (unregistered)

    Your still just jumping into the same random tables follwoing a well-defined path on the random number selection.

  • Rnd() (unregistered)

    This is just a random comment

  • techie (unregistered) in reply to Rnd()
    Rnd():
    This is just a random comment

    4

  • DaveShaw (unregistered)
    [image]

    Dave

  • Anonymous Cow-Herd (unregistered)

    According to Debian, there are only 32766 random numbers.

  • (cs)

    There were some well-publicised problems with random-number generators in the past - e.g. this - but I hardly think this is the answer..! If your compiler's rand() function doesn't generate sufficiently-random numbers, get a better compiler.

  • (cs) in reply to TheRider
    TheRider:
    Bernie:
    Cloud computing sounds random to me; we should obviously hit the network whenever we need a random value.
    Now you're talking. Hit Google with a random query and hash the results html page. This should give you a truly random number.
    With a random query, eh? Recursive entropy.
  • (cs) in reply to abx
    abx:
    TheRider:
    Bernie:
    Cloud computing sounds random to me; we should obviously hit the network whenever we need a random value.
    Now you're talking. Hit Google with a random query and hash the results html page. This should give you a truly random number.
    With a random query, eh? Recursive entropy.

    How about just hash the latest Twitter post? Even human readers consider the Twitterstream pretty random.

  • silent d (unregistered)

    To generate a random hash, just hash the string "random"

  • (cs) in reply to TheRider
    TheRider:
    Bernie:
    Cloud computing sounds random to me; we should obviously hit the network whenever we need a random value.
    Now you're talking. Hit Google with a random query and hash the results html page. This should give you a truly random number.

    Where do you get the query from? Obviously it has to be a dictionary word, since nonsense will always fetch the same result page (No results found).

    Then you'll have to account for events like network or service outages...

    ...Or maybe you were kidding...

  • StarlightKnight (unregistered) in reply to silent d
    silent d:
    To generate a random hash, just hash the string "random"

    I'd rather a nice corned-beef hash...

    (ha! beat that for random :P)

  • (cs) in reply to donniel
    donniel:
    TheRider:
    Bernie:
    Cloud computing sounds random to me; we should obviously hit the network whenever we need a random value.
    Now you're talking. Hit Google with a random query and hash the results html page. This should give you a truly random number.

    Where do you get the query from? Obviously it has to be a dictionary word, since nonsense will always fetch the same result page (No results found).

    Then you'll have to account for events like network or service outages...

    ...Or maybe you were kidding...

    Maybe. Who knows?

  • (cs) in reply to TheRider

    They are guaranteed to be random - on a fair d20 dice.

  • (cs)

    Whoops...I thought too much about it.

  • Mee (unregistered) in reply to donniel
    donniel:
    TheRider:
    Bernie:
    Cloud computing sounds random to me; we should obviously hit the network whenever we need a random value.
    Now you're talking. Hit Google with a random query and hash the results html page. This should give you a truly random number.

    Where do you get the query from? Obviously it has to be a dictionary word, since nonsense will always fetch the same result page (No results found).

    Then you'll have to account for events like network or service outages...

    ...Or maybe you were kidding...

    At a minimum, the page will always be different because it includes your original string in the "No Results Found for X" - so it will always be slightly different, which should make a difference when hashed.

    Or maybe you were kidding too.

  • Robert S. Robbins (unregistered)

    I have created a web service to get the NY Lottery numbers. That is what I use for random numbers.

  • (cs)

    I like the flow of his comments:

    // Initialize randomizer // This really doesn't have enough entropy.... // Get the val
    I can see him on the quarter-mile thinking, "On the mark... rev the engine... pop the clutch!"

  • Aaron (unregistered)

    Or you could use a bit of atmospheric noise (like what is generating the die rolls here) to generate true random numbers.

  • (cs)

    In all seriousness, some people need it forced into them that calling rand() multiple times for one random number makes it LESS random, by massively shortening the time until the prng's sequence repeats. Taking a stupidly extreme example, a prng that only produces the following two numbers in never-ending sequence when given the seed "42": 6 9 6 9 6 9 6 9... What do you get if you decide that that's not random enough and xor together two numbers every time instead? That's got to be more random right? Look: 6^9=15 6^9=15 6^9=15 6^9=15. We go from 2 numbers repeating to 1 number! How about xoring together a random number of numbers? More random, surely! Look: (6 numbers)(9^6^9^6^9^6) = 15 (9 numbers)(6^9^6^9^6^9^6^9^6) = 6 (9 numbers)(6^9^6^9^6^9^6^9^6) = 6 6 6 6. Lovely, it loops to the same number after the second call!

    The only way to make it more random is to give it more data (entropy). e.g. take a 1024 element array of numbers and use the value from shitty-prng to step through it (using that primes trick to make sure that you go through all the numbers no matter what the step number is). Suddenly you can get a 1024 number sequence from a prng that only outputs 6 and 9!

    Or you could just implement or use an existing implementation of the mersenne twister prng, with it's 2^19937 − 1 long number sequence and 64-bit output. Or another, if you need to. Whatever you do, don't try to make a prng of your own without a degree in number theory.

  • (cs)

    As someone else mentioned about this particular block of code, giving it the same seed will always have it output the same number in return. Honestly, it's no better than a standard prng (obviously, it's much worse).

    In this method, however, the number is STRICTLY defined by the number given to it as a seed. There is no other factor. This method will never produce a random number.

    Why do people seem to think that constantly reseeding will guarantee something is more random than simply seeding the number generator once?

  • (cs)

    Along with Hotbits, there's Random.org.

  • Aris (unregistered) in reply to Thief^

    The stupied thing in that code is that the guy forces the implementation to reseed the generator at each call. I'd bet my hands everywhere in the code the generator is seeded with time(NULL) or derivatives

  • (cs) in reply to bnt
    bnt:
    There were some well-publicised problems with random-number generators in the past - e.g. this - but I hardly think this is the answer..! If your compiler's rand() function doesn't generate sufficiently-random numbers, get a better compiler.
    How is the quality of the compiler going to give you a better rand() function? rand() is just fine for simple applications. If you want something better, either implement your own (such as the previously mentioned Mersenne Twister) or use the OS supplied crypto quality PRNG.

    Switching compilers for a different rand() function seems rather extreme and pointless...

  • Randy Waterhouse (unregistered)

    EAGCI CAQCK HYCUC PEXBU BXIUK GJRGT KKTRN CUNSW YAVBV YQZWS UYPCS AJCRP VCAPT NROBK KALGB GESGA KAYAC RAMUS CQUCF OPXCR HNSST TZXMF YXFXY IOYUI RWYLZ EZPBC GJPYC JSBHF GFCMC AURZP AQMZC LDCAF EHOUG REZSL EZRGL UHFLG VMXHL ZTPBT VGBKA HBEGT QLSHS EBZJN GEZEM LDFAF ZWLAG MIHRO BHAUP SYQSI EZMDD YOHEP MDLYD SKLZC ABKAV ZTUQL CUKPY NONVS DHVPF ZHQKH TLIDM EDFZU QBPBR NPFBK XESTT YSAPD IIPQL BVPGU JXWYZ NMOSN ZQRRK LQDMF HUNWL ZXGOE BYBYW ALJPE WOVOG GZWJL BRGPO ROLYD QABSY YSKII PEXKT DRTAB FBSLQ GCFSB IIBKA AJTKR CZWZK PCBIC CNEVZ VBBAT DJCEU CFEWP VYPSX AIABQ DEEIZ DDAFE UIOWN IZTNW IIUYB SYJTA AWEEF DIIEO NYWBV KKVDX RMGML IFKRZ KRWOW BREKV SXUPZ PAKLE IDRPQ CXVMO UXGQL CSDHC YAATQ ZJRKU VSXNH NQFJC UEZAV LDNOL QNLQG BPPTZ KOSHB ZVSFF UZKUZ FGDTU OJHZZ OBPEU POJHW LHSDM XYLHT LNZOG UCQCC QQEFU ZVJIC FUKXY WVWID QTQPI XJLOL NECSK XRFGA ILUSJ TPEQX HGRYW ZWGKK SYOUR YRIEX IMJDE SXTXN RETID PIZVT JNRYI IXARB XAOHE SABMX OEBIM FYVET OOHGM PPKPG LNHAV LTVNG SCKUK XZISE CGSKM FABQQ ICEPC ZBVVO BNQLI BIIKB NMHGW ULWVB NEERT GQUBL JCZZO IBXQL YDXFJ UAVRW XEABV UHMPJ YYMXY AFZYW LWZIC JDCFV YDAYE VTMII WGGID FJJEH FPDFY GPCIU YGXYF CUYPC HLJNT NSDWX KCNOH MUXPC RNJPL PSFOH IVSRJ MECPB AADNO

  • Janis (unregistered) in reply to Thief^

    Only case where I'd suggest to call rand() multiple times: is that if you need 64bit number, but rand() generated 32bit number (or any other case where rand() generates less than you need). And do something like this a = rand() b = rand() result = a shl 32 + b

    Or you have better solution for this? (Without writing my own prng)

Leave a comment on “More Entropy, Please”

Log In or post as a guest

Replying to comment #211123:

« Return to Article