tags:

views:

730

answers:

8
+13  Q: 

What is the difference between a randomly generated number and secure randomly generated number?

As the title says What is the difference between a randomly generated number and secure randomly generated number?

+17  A: 

No computationally feasible algorithm should:

  • recover the seed, or
  • predict the "next bit"

for a secure random number generator.

Example: a linear feedback shift register produces lots of random numbers out there, but given enough output, the seed can be discovered and all subsequent numbers predicted.

Purfideas  2008-09-19 12:08:59
+2  A: 

With just a "random number" one usually means a pseudo random number. Because it's a pseudo random number it can be (easily) predicted by an attacker.

A secure random number is a random number from a truly random data source, ie. involving an entropy pool of some sorts.

Tobi  2008-09-19 12:09:46
This is actually really, really inaccurate: A randomly generated number means just that, randomly generated: roll a die, listen to white noise from the sound card, random.
Aaron Maenpaa  2009-01-24 13:50:13
Pseudo random number generators generate apparently random numbers algorithmically. For example Mersenne Twister. Cryptographically strong random number generators are no less "pseudo" they also generate numbers algorithmically.
Aaron Maenpaa  2009-01-24 13:51:50
However, they generally are shown to be difficult to predict provided their entropy pool remains secret. An example of a cryptographically strong pseudo random number generator (prng) is Yarrow which is used in the implementation of /dev/random and /dev/urandom on Mac OS X and was designed by Bruce.
Aaron Maenpaa  2009-01-24 13:54:42
A: 

It probably depends on the context, but when you are comparing them like this, I'd say "random number" is a pseduo random number and a "secure random number" is truly random. The former gives you a number based on a seed and an algorithm, the other on some inherintly random function.

Johannes Hoff  2008-09-19 12:10:25
Secure Random Numbers do not have to be from truly random sources For example, it is typically pretty secure to generate secure random numbers by using a good pseudo random source and using the MD5 checksum result as the secure random results. This is not an ideal solution, but decent one.
Tall Jeff  2008-09-19 12:17:04
A: 

It's like the difference between AES and ROT13.

To be less flippant, there is generally a tradeoff when generating random numbers between how hard it is and how predictable the next one in the sequence is once you've seen a few. A random number returned by your language's built-in rand() will usually be of the cheap, predictable variety.

moonshadow  2008-09-19 12:12:41
+1  A: 

Agree with Purfiedeas. There is also nice article about that, called Cheat Online Poker

m_pGladiator  2008-09-19 12:14:05
+4  A: 

A secure random number should not be predictable even given the list of previously generated random numbers. You'd typically use it for a key to an encryption routine, so you wouldn't want it guessable or predictable. Of course, guessable depends on the context, but you should assume the attacker knows all the things you know and might use to produce your random number.

There are various web sites that generate secure random numbers, one trusted one is hotbits. If you are only doing the random number generation as a one off activity, why not use a lottery draw result, since it's provably random. Of course, don't tell anyone which lottery and which draw, and put those numbers through a suitable mangle to get the range you want.

Martin  2008-09-19 12:38:35
A: 

A random number would probably mean a pseudo random number returned by an algorithm using a 'seed'.

A secure random number would be a true random number returned from a device such as a caesium based random number generator (which uses the decay rate of the caesium to return numbers). This is naturally occurring and can't be predicted.

Gary Willoughby  2009-02-24 11:11:12
+1  A: 

Note that numbers aren't random. "Randomness" simply isn't a property of any given number (not even when XKCD tells you otherwise).

Only the process of generating the numbers could possibly be rated on "randomness". Read What Colour are your bits for some discussion on this topic.

Joachim Sauer  2009-02-24 11:19:57
Any comment with an XKCD reference get's my vote of approval :)
Pure.Krome  2009-09-24 12:56:49

related questions

Is Windows' rand_s thread-safe?
What is the best way to pick a random row from a table in MySQL?
How to simplify this code (generates a random int between min and max base on unsigned int)?
Given a function which produces a random integer in the range 1 to 5, write a function which produces a random integer in the range 1 to 7
How to solve performance problem with Java SecureRandom?
What is a cross platform way to select a random seed in Java?
best way to pick a random subset from a collection?
Is reading /dev/urandom thread-safe ?
Picking a random element from a set
Testing for Random Value - Thoughts on this Approach?
What is the best replacement for Windows' rand_s in Linux/POSIX?
Best way to randomize a string array in C#
How can I give java.util.Random a specific seed in thirdparty classes?
How do you generate passwords?
How do I return random numbers as a column in SQL Server 2005?
Create many constrained, random permutation of a list
How best to generate a random string in Ruby
Unit test for randomized data
Converting a Uniform Distribution to a Normal Distribution
Random Weighted Choice in T-SQL
Random weighted choice
Arithmetic underflow or overflow exception during debugging
Select a random N elements from List<T> in C#
How to request a random row in SQL?