Is safe to use Kernel#rand to get pseudo-random integers?
On Sun, 2009-07-26 at 06:55 +0900, Kless wrote:
Is safe to use Kernel#rand to get pseudo-random integers?
It depends on what you need them for.
-
If you need them for something related to security or authentication,
then no, you need a better-quality randomness source than that. -
If you need them for a monte-carlo simulation, it might be
acceptable. -
If you are writing a game it’s probably okay.
-mental
Ruby uses a mersene twister for its prng. This provides a high quality
source of pseudo random numbers for noncryptographic purposes. If you
need random numbers for crypto or you need independent prng streams then
you need a different source.
Kirk H.
Sent from my Verizon Wireless BlackBerry
On 27.07.2009 09:32, Kless wrote:
and IVs.
n ||= 16Gets 52 cards with values in range 0-255, and then they are
shuffled.
cards = (1…52).map { rand(256) }.shuffleFinally gets ‘n’ cards from the deck, and it is encoded to ASCII.
(1…n).map { cards[rand(52)] }.pack(“C*”)
end
My pseudo randomness math is a bit rusty these days but it may be that
you do not increase randomness by using your approach as you still use
only one source of randomness. If this is the case, the same can be
achieved by doing
def bytes(n = 16)
b = “”
n.times { b << rand(256) }
b
end
or with 1.9
def bytes(n = 16)
“”.tap do |b|
n.times { b << rand(256) }
end
end
Kind regards
robert
For if this can help to somebody, I use a deck of 52 cards to get a
better randomness. Although it could be used a deck of: number to
return * 2 (or 3)
def bytes(n=nil)
The range of possible values to each card is 256 (0-255), the
maximum length to representing an ASCII character.
By default returns 16 bytes (128 bits), a common value in salts
and IVs.
n ||= 16
Gets 52 cards with values in range 0-255, and then they are
shuffled.
cards = (1…52).map { rand(256) }.shuffle