As the title says: what is the difference between a randomly generated number and a secure randomly generated number?

+17  A: 

No computationally feasible algorithm should:

  • recover the seed, or
  • predict the "next bit"

for a secure random number generator.

Example: a linear feedback shift register produces lots of random numbers out there, but given enough output, the seed can be discovered and all subsequent numbers predicted.

Purfideas
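
The LFSR point in the answer above, as an added example that is not part of the original post: a constructed 16-bit LFSR (the taps, seed and function names are assumptions chosen for the demo) whose seed and future output are both recovered from 32 observed bits. It goes one step beyond the answer by using Berlekamp-Massey, which needs no knowledge of the taps, and compares against a stream from Python's `secrets` module.

```python
import secrets

TAPS, NBITS = (0, 2, 3, 5), 16   # constructed 16-bit Fibonacci LFSR for the demo

def lfsr_bits(seed, count):
    """Emit `count` bits: output the low bit, shift right, feed XOR of taps in at the top."""
    state, out = seed, []
    for _ in range(count):
        out.append(state & 1)
        fb = sum((state >> t) & 1 for t in TAPS) & 1
        state = (state >> 1) | (fb << (NBITS - 1))
    return out

def berlekamp_massey(s):
    """Shortest linear recurrence over GF(2) generating s: returns (L, c), c[0] == 1."""
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = s[i]                              # discrepancy vs. current recurrence
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict_next(observed, count):
    """Extend an observed bit stream using only the recurrence recovered from it."""
    L, c = berlekamp_massey(observed)
    s = list(observed)
    for _ in range(count):
        bit = 0
        for j in range(1, L + 1):
            bit ^= c[j] & s[-j]
        s.append(bit)
    return L, s[len(observed):]

def recover_seed(observed):
    """For this LFSR layout the first NBITS output bits are the seed, low bit first."""
    return sum(bit << k for k, bit in enumerate(observed[:NBITS]))

def csprng_bits(count):
    """Same-shaped stream from the OS CSPRNG via `secrets`, for comparison."""
    value = secrets.randbits(count)
    return [(value >> k) & 1 for k in range(count)]
```

With the constructed seed `0xACE1`, 32 observed bits are enough to reproduce every later bit of the LFSR stream, while the same procedure applied to `csprng_bits` output does not predict what follows.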
+2  A: 

With just a "random number" one usually means a pseudo random number. Because it's a pseudo random number it can be (easily) predicted by an attacker.

A secure random number is a random number from a truly random data source, i.e. involving an entropy pool of some sort.

Tobi
This is actually really, really inaccurate: A randomly generated number means just that, randomly generated: roll a die, listen to white noise from the sound card, random.
Aaron Maenpaa
Pseudo random number generators generate apparently random numbers algorithmically. For example, Mersenne Twister. Cryptographically strong random number generators are no less "pseudo"; they also generate numbers algorithmically.
Aaron Maenpaa
However, they generally are shown to be difficult to predict provided their entropy pool remains secret. An example of a cryptographically strong pseudo random number generator (PRNG) is Yarrow, which is used in the implementation of /dev/random and /dev/urandom on Mac OS X and was designed by Bruce.
Aaron Maenpaa
A: 

It probably depends on the context, but when you are comparing them like this, I'd say a "random number" is a pseudo random number and a "secure random number" is truly random. The former gives you a number based on a seed and an algorithm, the other on some inherently random function.

Johannes Hoff
Secure random numbers do not have to be from truly random sources. For example, it is typically pretty secure to generate secure random numbers by using a good pseudo random source and using the MD5 checksum result as the secure random results. This is not an ideal solution, but a decent one.
Tall Jeff
A: 

It's like the difference between AES and ROT13.

To be less flippant, there is generally a tradeoff when generating random numbers between how hard it is and how predictable the next one in the sequence is once you've seen a few. A random number returned by your language's built-in rand() will usually be of the cheap, predictable variety.

moonshadow
+1  A: 

Agree with Purfideas. There is also a nice article about that, called Cheat Online Poker.

m_pGladiator
+4  A: 

A secure random number should not be predictable even given the list of previously generated random numbers. You'd typically use it for a key to an encryption routine, so you wouldn't want it guessable or predictable. Of course, guessable depends on the context, but you should assume the attacker knows all the things you know and might use to produce your random number.

There are various web sites that generate secure random numbers; one trusted one is hotbits. If you are only doing the random number generation as a one-off activity, why not use a lottery draw result, since it's provably random? Of course, don't tell anyone which lottery and which draw, and put those numbers through a suitable mangle to get the range you want.

Martin
A: 

A random number would probably mean a pseudo random number returned by an algorithm using a 'seed'.

A secure random number would be a true random number returned from a device such as a caesium based random number generator (which uses the decay rate of the caesium to return numbers). This is naturally occurring and can't be predicted.

Gary Willoughby
+1  A: 

Note that numbers aren't random. "Randomness" simply isn't a property of any given number (not even when XKCD tells you otherwise).

Only the process of generating the numbers could possibly be rated on "randomness". Read What Colour are your bits for some discussion on this topic.

Joachim Sauer
Any comment with an XKCD reference gets my vote of approval :)
Pure.Krome