All geek questions in one place

What is (otherwise) wrong with using time as a seed to generate random numbers?

I understand that time is an unsafe seed for generating random numbers, because it effectively reduces the size of the seed space .

But I will say that I'm not interested in security. For example, let's say I'm doing a Monte Carlo simulation for a card game. However, I take care to get as close to true chance as possible. Will time as a seed affect the randomness of my conclusion? I think the choice of PRNG matters more than the seed in this case.

+6
source share
4 answers

For security reasons, you obviously need to get a lot of entropy. And only one time can not guarantee this.

For modeling purposes, the quality of the seed does not matter much if it is unique. As you noted, the quality of PRNG is more important here.
Even the PRNG in the game can be safe. For example, in multiplayer games, a player can find out the internal state of PRNG and use it to predict future random events, guess the opponentโ€™s cards, get the best loot, ...

One common mistake that uses time to extract PRNGs is that time does not change very often. For example, in windows, most time-related functions only change their return value every few milliseconds. Thus, all PRNGs created with this interval return the same sequence.

+4
source

For completeness only, this document by Matsumoto et al. Illustrates well how important the initialization scheme (i.e. the way you select your seed (s)) is for modeling. It turns out that a poor initialization scheme can greatly distort the results, although the RNG algorithm as such is basically good.

+3
source

If you just run one instance of your program, then there should not be too many problems.

However, I saw people running several programs at the same time, and then every semester of the program over time. In this case, the entire program receives the same sequence of random numbers. In particular, I saw people sow the apache process on every call using a random number as a session identifier, only to find that different people get to the web server at the same time receive exactly the same identifiers.

Therefore, if you expect to run several simultaneous versions of the program, then using time is a very bad idea.

+2
source

Think that your program runs very fast and asks you to use the system time as a seed in a large sequence with a very small interval. You can get the same time as the answer, so this will result in the creation of the same random number. Thus, even with modeling, a problem with low entropy can be a problem.

Given that itโ€™s not so difficult to have any other sources of entropy in your system, even if your operating system can provide you with some almost random numbers, you can use them to increase the entropy of your temporary seed.

+1
source

Source: https://habr.com/ru/post/892610/

More articles:


All Articles