Random Number Generation

Many markets today depend on chaos and randomness; online games and sweepstakes, for example, work with it all the time. With the growth of these markets comes the need to simulate real-world randomness in computing environments. But can a computer generate truly random numbers?

If you are an experienced programmer, you probably already have an answer to this: “Just use rand()”. Technically, the random functions of all current languages are pseudo-random, that is, they are not totally random. They normally feed seeds into an algorithm to give the impression of randomness; by knowing the algorithm and where it draws its seeds from, it is entirely possible to predict the algorithm's output.

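#include <stdlib.h>

int main(void) {
    // rand() is a deterministic PRNG; without srand() it always starts from seed 1
    int randomNumber = rand(); // This is not a "true" random method
    (void)randomNumber;        // value unused in this minimal sample
    return 0;
}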

Psychology of RNG

The human mind tends to seek patterns and explanations for external effects, so no matter how well built and random the system is, people will complain. This is exactly the greatest difficulty in testing RNG functionality, as the result of the test can be affected by your positive or negative experiences.

It is equally true that if your system is flawed, people will complain even more, especially if the RNG system influences them directly, as in a game where you have been trying to get a rare item for days.

Why is a good RNG system important?

An excellent example of the importance of RNG implementations is the 2013 failure in the Java SecureRandom class as implemented on Android systems, which did not generate truly “random” numbers. This opened up a vulnerability in some Bitcoin wallets running in the Android environment: it was basically possible to predict the private keys of the wallets, which cost many people money. You can see more details here.

How to know if an RNG algorithm is of good quality?

Before we check a randomness algorithm, we need to know whether it is a pseudo-random algorithm or a “true” randomness algorithm. The difference is usually clear: true random algorithms normally acquire sensor data and base their output on it, that is, they bring randomness from the real environment into the algorithm. Pseudo-random algorithms, on the other hand, usually use some time data, such as the current time or the keyboard response time.

The bad news is that we cannot prove that an RNG system is good; what we can do is prove that it is bad. We can perform several tests to check the randomness, the main one being simple pattern recognition. To make life easier, there is verification and validation software for RNG algorithms, such as TestU01 and the NIST test suite. To ensure that an algorithm is not bad, it needs to pass both, if possible, and more specific tests later.
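The point that tests can only prove an RNG bad is illustrated by the following added example (not code from the original post). It implements simplified forms of two checks from the NIST statistical test suite, the frequency (monobit) test and the runs test, and applies them to three constructed bit sequences; the function names and sample sequences are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* NIST SP 800-22 accepts a sequence when p-value >= 0.01, which for these
   two tests means a normal z-score <= 2.5758. Squares are compared so the
   code needs no libm. */
#define Z_LIMIT_SQ (2.5758 * 2.5758)
#define N 1000

/* Frequency (monobit) test: are ones and zeros balanced? z = |sum|/sqrt(n) */
int monobit_pass(const unsigned char *bits, size_t n) {
    long sum = 0;
    for (size_t i = 0; i < n; i++) sum += bits[i] ? 1 : -1;
    return (double)sum * (double)sum <= Z_LIMIT_SQ * (double)n;
}

/* Runs test: is the number of runs of identical bits plausible? */
int runs_pass(const unsigned char *bits, size_t n) {
    size_t ones = 0, runs = 1;
    for (size_t i = 0; i < n; i++) {
        ones += bits[i] != 0;
        if (i > 0 && !bits[i] != !bits[i - 1]) runs++;
    }
    double pi = (double)ones / (double)n, q = pi * (1.0 - pi);
    /* Prerequisite from the test definition: |pi - 1/2| < 2/sqrt(n) */
    if ((pi - 0.5) * (pi - 0.5) * (double)n >= 4.0) return 0;
    double d = (double)runs - 2.0 * (double)n * q;
    return d * d <= Z_LIMIT_SQ * 4.0 * (double)n * q * q; /* z = |d|/(2*sqrt(n)*q) */
}

/* Constructed sample sequences (not real RNG output). */
void fill(unsigned char *bits, size_t n, int kind) {
    for (size_t i = 0; i < n; i++)
        bits[i] = (unsigned char)(kind == 0 ? (i % 5 < 3)      /* 60% ones    */
                                : kind == 1 ? (i & 1)          /* 0101...     */
                                            : ((i >> 1) & 1)); /* 00110011... */
}

/* Bitmask result: bit 0 = monobit passed, bit 1 = runs passed. */
int verdict(int kind) {
    unsigned char bits[N];
    fill(bits, N, kind);
    return monobit_pass(bits, N) | (runs_pass(bits, N) << 1);
}

int main(void) {
    const char *names[] = {"biased 60/40", "alternating 0101", "pairs 0011"};
    for (int k = 0; k < 3; k++)
        printf("%-17s monobit=%d runs=%d\n", names[k], verdict(k) & 1, verdict(k) >> 1);
    return 0;
}
```

The biased sequence fails outright, the alternating one is caught only by the runs test, and the repeating 0011 pattern passes both checks while being completely predictable, which is why passing a couple of tests says little about quality.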

About the author

Kassio Khaleb

My name is Kassio Khaleb. I'm a web developer, Microsoft MCP and software engineer from Brazil, with a focus on back-end technologies.
