435,131 Members | 1,494 Online
Need help? Post your question and get tips & solutions from a community of 435,131 IT Pros & Developers. It's quick & easy.

Efficient pseudo-random number generation

 P: n/a I want to create some random numbers for encryption purposes, and i wonder if the following scheme makes it more hard to guess the underneath number generation pattern, than the plain use of rand(): #include #include int GetRandomNumber() { using namespace std; int depth=rand(); for(int i=0; i
7 Replies

 P: n/a Ioannis Vranos wrote: Does the above make any difference over plain use of rand()? Probably: it is almost certainly worse. Creating good random number generators requires pretty careful analysis; it's easy to fiddle with existing generators and end up with something that's really bad. Knuth talks about an experiment he did where he combined eight (I think) different random number generators, using a random number to pick which generator to use to generate the next value. Turned out to be worse than any of the individual generators that went into the mix. If you've tested the implementation of rand that you're using and determined that it isn't good enough for what you're doing then you need to look at other generators. In particular, you ought to look at the Mersenne Twister: it's big (the most common form of the generator stores 624 32-bit values), but it's fast and it has a long period. -- Pete Becker Dinkumware, Ltd. (http://www.dinkumware.com) Jul 22 '05 #2

 P: n/a "Ioannis Vranos" wrote I want to create some random numbers for encryption purposes, and i wonder if the following scheme makes it more hard to guess the underneath number generation pattern, than the plain use of rand(): #include #include int GetRandomNumber() { using namespace std; int depth=rand(); for(int i=0; i

 P: n/a "Ioannis Vranos" wrote in message news:c6***********@ulysses.noc.ntua.gr... I want to create some random numbers for encryption purposes, and i wonder if the following scheme makes it more hard to guess the underneath number generation pattern, than the plain use of rand(): #include #include int GetRandomNumber() { using namespace std; int depth=rand(); for(int i=0; i

 P: n/a > If you've tested the implementation of rand that you're using and determined that it isn't good enough for what you're doing then you need to look at other generators. In particular, you ought to look at the Mersenne Twister: it's big (the most common form of the generator stores 624 32-bit values), but it's fast and it has a long period. The OP said his application is cryptography. I don't know if that means a toy project or a "real" software project. I hope the OP is working on a toy project. Otherwise, they need to learn MUCH more about random number generators and particularly those that are crypto secure and this topic seems off topic here. OP, neither rand nor Mersenne are suitable for cryptography. You need to be using something such as Blum Blum Shub for example. L. Blum, M. Blum, and M. Shub. A Simple Unpredictable Pseudo-Random Number Generator. SIAM Journal on Computing, volume 15, pages 364-383, May 1986 But more importantly, if this isn't a toy, please take the time to learn the field as well as you can. I'm sure anyone that uses your software will appreciate having a decent crypto system. If it is a toy, well have fun with whichever generator you choose :) Jul 22 '05 #5

 P: n/a "Ioannis Vranos" wrote in news:c6***********@ulysses.noc.ntua.gr: I want to create some random numbers for encryption purposes, and i wonder if the following scheme makes it more hard to guess the underneath number generation pattern, than the plain use of rand(): You might want to take a look at the Crypto++ library: http://www.eskimo.com/~weidai/cryptlib.html It's free, open source, and pretty extensive. b Jul 22 '05 #6

 P: n/a "Keith H Duggar" wrote in message news:b4*************************@posting.google.co m... The OP said his application is cryptography. I don't know if that means a toy project or a "real" software project. I hope the OP is working on a toy project. Otherwise, they need to learn MUCH more about random number generators and particularly those that are crypto secure and this topic seems off topic here. Look in fact i was making a random password generator utility and i wanted cryptographic level randomness. My first priority is portability by using the standard library. Since i saw that rand() rand()ised isn't any good, i used a RNG of .NET cryptographic API (a RNGCryptoServiceProvider object). It's supposed to be thoroughly checked. Ioannis Vranos Jul 22 '05 #7

 P: n/a "Cy Edmunds" wrote in message news:.. . [ ... ] rand() is OK for making a Yahtzee program, but for something as important as encryption I would not recommend it. The standard only requires it to deliver 16 bits and the requirements of its statistical performance are inadequately defined. Good portable generators of 31 bits or more are readily available -- e.g. www.boost.org Though you don't state it directly, you more or less imply that a 31-bit generator IS suitable for encryption. This is NOT generally the case. First of all, rand() is typically implemented as a linear-congruential PRNG, which not suitable for cryptographic purposes, regardless of size. Second, if you do start with a suitable algorithm, a cryptographic generator will generally need to store substantially more than 31 bits of state -- somewhere in the vicinity of twice that would be a reasonable starting point, and depending on exactly what you're doing, the requirements might easily go up from there. -- Later, Jerry. The universe is a figment of its own imagination. Jul 22 '05 #8