real random

[Nick Keighley]

    Can anyone show me a skeleton code for *real* random numbers? Not just
using srand and rand that sometimes depends on the clock.

not sure what you mean by "real random". Deterministic computers
can't generate actual random numbers. What they do is call a function
that produces a sequence (on a series of calls) that generate pseudo-
random numbers. That is sequences that when analysed statistically
appear to be random. For many purposes that is very much good enough.
rand is such a function. It is given a seed (start value) when the
program is started. The seed is set by calling srand. Time of
day is often a good-enough value to ensure the program doesn't
do exactly the same thing every time it is run.

Some OSs provide access to a true random noise value- often based
on some physically random process such as thermal noise in a diode.
Check out the documentation of your OS.

If you are interested in pseudo-random number generators look
them up.

 

[Boon]

Can anyone show me a skeleton code for *real* random numbers?

http://en.wikipedia.org/wiki/Hardware_random_number_generator
http://en.wikipedia.org/wiki/Random_number_generation#Physical_methods

 

[Don Bruder]

Can anyone show me a skeleton code for *real* random numbers? Not just
using srand and rand that sometimes depends on the clock.

No, nobody can show you such code, whether as a skeleton, or a fully
developed package. Because there is no such thing - True random numbers
from pure software are currently considered impossible.

For "real random numbers", specialized hardware is needed. Usually such
hardware takes the form of a geiger counter, cosmic ray detector, or a
circuit that "listens" to an electronic noise-source such as a
reverse-biased diode.

The best you can get in pure software is a pseudo-random number.
Frequently, the routine takes the clock as a seed, does some math on it,
and hands back a result, which gets used as the seed the next time a new
"random" number is wanted. The output is always a function of the input.
Know the function and the input, and you know what the output will be
for any pass through it.

Different algorithms (The Mersenne Twister, for instance) can do a
pretty good job of creating decently random numbers, but even the best
of them can still only do pseudo-random - for exactly the reason given
above.

 

[jacob navia]

Bill Cunningham a écrit :

Can anyone show me a skeleton code for *real* random numbers? Not just
using srand and rand that sometimes depends on the clock.

Bill

This is a good one.

/*
A C-program for MT19937, with initialization improved 2002/1/26.
Coded by Takuji Nishimura and Makoto Matsumoto.

Before using, initialize the state by using mt_init_genrand(seed)
or mt_init_by_array(init_key, key_length).

Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the
distribution.

3. The names of its contributors may not be used to endorse or
promote
products derived from this software without specific prior written
permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Any feedback is very welcome.
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
email: m-mat @ math.sci.hiroshima-u.ac.jp (remove space)
*/


/* Period parameters */
#define N 624
#define M 397
#define MATRIX_A 0x9908b0dfUL /* constant vector a */
#define UPPER_MASK 0x80000000UL /* most significant w-r bits */
#define LOWER_MASK 0x7fffffffUL /* least significant r bits */

static unsigned long mt[N]; /* the array for the state vector */
static int mti=N+1; /* mti==N+1 means mt[N] is not initialized */

/* initializes mt[N] with a seed */
void mt_init_genrand(unsigned long s)
{
mt[0]= s & 0xffffffffUL;
for (mti=1; mti<N; mti++) {
mt[mti] =
(1812433253UL * (mt[mti-1] ^ (mt[mti-1] >> 30)) + mti);
/* See Knuth TAOCP Vol2. 3rd Ed. P.106 for multiplier. */
/* In the previous versions, MSBs of the seed affect */
/* only MSBs of the array mt[]. */
/* 2002/01/09 modified by Makoto Matsumoto */
mt[mti] &= 0xffffffffUL;
/* for >32 bit machines */
}
}

/* initialize by an array with array-length */
/* init_key is the array for initializing keys */
/* key_length is its length */
/* slight change for C++, 2004/2/26 */
void mt_init_by_array(unsigned long init_key[], int key_length)
{
int i, j, k;
mt_init_genrand(19650218UL);
i=1; j=0;
k = (N>key_length ? N : key_length);
for (; k; k--) {
mt = (mt ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1664525UL))
+ init_key[j] + j; /* non linear */
mt &= 0xffffffffUL; /* for WORDSIZE > 32 machines */
i++; j++;
if (i>=N) { mt[0] = mt[N-1]; i=1; }
if (j>=key_length) j=0;
}
for (k=N-1; k; k--) {
mt = (mt ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1566083941UL))
- i; /* non linear */
mt &= 0xffffffffUL; /* for WORDSIZE > 32 machines */
i++;
if (i>=N) { mt[0] = mt[N-1]; i=1; }
}

mt[0] = 0x80000000UL; /* MSB is 1; assuring non-zero initial array */
}

/* generates a random number on [0,0xffffffff]-interval */
unsigned long genrand_int32(void)
{
unsigned long y;
static unsigned long mag01[2]={0x0UL, MATRIX_A};
/* mag01[x] = x * MATRIX_A for x=0,1 */

if (mti >= N) { /* generate N words at one time */
int kk;

if (mti == N+1) /* if mt_init_genrand() has not been called, */
mt_init_genrand(5489UL); /* a default initial seed is used */

for (kk=0;kk<N-M;kk++) {
y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
mt[kk] = mt[kk+M] ^ (y >> 1) ^ mag01[y & 0x1UL];
}
for (;kk<N-1;kk++) {
y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK);
mt[kk] = mt[kk+(M-N)] ^ (y >> 1) ^ mag01[y & 0x1UL];
}
y = (mt[N-1]&UPPER_MASK)|(mt[0]&LOWER_MASK);
mt[N-1] = mt[M-1] ^ (y >> 1) ^ mag01[y & 0x1UL];

mti = 0;
}

y = mt[mti++];

/* Tempering */
y ^= (y >> 11);
y ^= (y << 7) & 0x9d2c5680UL;
y ^= (y << 15) & 0xefc60000UL;
y ^= (y >> 18);

return y;
}

/* generates a random number on [0,0x7fffffff]-interval */
long genrand_int31(void)
{
return (long)(genrand_int32()>>1);
}

/* generates a random number on [0,1]-real-interval */
double genrand_real1(void)
{
return genrand_int32()*(1.0/4294967295.0);
/* divided by 2^32-1 */
}

/* generates a random number on [0,1)-real-interval */
double genrand_real2(void)
{
return genrand_int32()*(1.0/4294967296.0);
/* divided by 2^32 */
}

/* generates a random number on (0,1)-real-interval */
double genrand_real3(void)
{
return (((double)genrand_int32()) + 0.5)*(1.0/4294967296.0);
/* divided by 2^32 */
}

/* generates a random number on [0,1) with 53-bit resolution*/
double genrand_res53(void)
{
unsigned long a=genrand_int32()>>5, b=genrand_int32()>>6;
return(a*67108864.0+b)*(1.0/9007199254740992.0);
}
#ifdef TEST
#include <stdio.h>
/* These real versions are due to Isaku Wada, 2002/01/09 added */

int main(void)
{
int i;
unsigned long init[4]={0x123, 0x234, 0x345, 0x456}, length=4;
mt_init_by_array(init, length);
printf("1000 outputs of genrand_int32()\n");
for (i=0; i<1000; i++) {
printf("%10lu ", genrand_int32());
if (i%8==7) printf("\n");
}
printf("\n1000 outputs of genrand_real2()\n");
for (i=0; i<1000; i++) {
printf("%10.8f ", genrand_real2());
if (i%8==7) printf("\n");
}
return 0;
}
#endif

 

[Keith Thompson]

Bill Cunningham a écrit :

This is a good one.

/*
A C-program for MT19937, with initialization improved 2002/1/26.
Coded by Takuji Nishimura and Makoto Matsumoto.

[192 lines deleted]

The code you posted appears to be an implementation of the Mersenne
Twister. My understanding is that it's a very good *pseudo*-random
number generator, but it doesn't generate truly random numbers
(nor can any algorithm).

Bill: srand and rand themselves do not depend on the clock,
though the current time is often used as a seed. The Mersenne
Twister is likely to give you better pseudo-random numbers than
your implementation's rand(), but (a) they're still pseudo-random,
and (b) you still have to provide it with a seed.

<OT>
Take a look at /dev/random and /dev/urandom if your system provides
them.
</OT>

What are you *really* trying to accomplish?

 

[Bill Cunningham]

Bill: srand and rand themselves do not depend on the clock,
though the current time is often used as a seed. The Mersenne
Twister is likely to give you better pseudo-random numbers than
your implementation's rand(), but (a) they're still pseudo-random,
and (b) you still have to provide it with a seed.

<OT>
Take a look at /dev/random and /dev/urandom if your system provides
them.
</OT>

What are you *really* trying to accomplish?

I have /dev/random yes. But it's treated as a device. I would like to
generate a random key and lock things. A lot like MS's windows key number or
genuie key number.

Bill

 

[BGB / cr88192]

Can anyone show me a skeleton code for *real* random numbers? Not just
using srand and rand that sometimes depends on the clock.

as others have noted, pure software can't do this...

however, there are many pieces of hardware which can be used as an entropy
source, including the processor itself (if one is willing or able to use a
few pieces of assembler).

so, with some-or-another entropy source, one can begin "collecting" entropy,
and "amplifying it" (does not make more entropy, but does make it more
chaotic and more directly usable...).

one such source, and one which seems to work fairly well, is 'rdtsc'. what
makes this "random" is that, typically, there are all sorts of thing going
on in a computer which will jitter this value.


microphone, video, ... are all possible, but not typically as readily
available.

worth noting is that also both Windows and Linux provide random number
generators, which themselves gather entropy from various sources...

 

[Keith Thompson]

I have /dev/random yes. But it's treated as a device. I would like to
generate a random key and lock things. A lot like MS's windows key number or
genuie key number.

Yes, /dev/random is treated as a device. Why is that a problem?
You can read (pseudo-)random bytes from it.

When you say you want to "generate a random key and lock things",
it sounds like you're doing some sort of cryptography. There are
plenty of software packages available that take care of this for you.
(GnuPG and OpenSSL are two examples; there are plenty of others.)

If you care about security, I strongly advise against trying to
implement this yourself. Use one of the well-known existing packages.

 

[Beej Jorgensen]

If you care about security, I strongly advise against trying to
implement this yourself. Use one of the well-known existing packages.

And, to back Keith up on this, his statement isn't an insult in any way.
Designing good strong crypto is so hard that even the experts mess it
up.

Use /dev/random for generating keys--it's a-ok.

-Beej

 

[jacob navia]

Don Bruder a écrit :

Except for one minor problem - Unless I'm mistaken, the code you posted
(and I've snipped for space) is either derived from, or a direct copy
of, the Mersenne Twister - It's no more "real random" than rand() - it
just has a better period (usually - If you read up on the material that
usually comes with the full distribution package, you'll find multiple
caveats about "poison" parameter/seed-sets that can absolutely murder
the period length) before it starts repeating. And like every other
software RNG, the sequence that will be produced from a given
parameter/seed-set is 100% predictable.

I understood the original poster as asking for a good random number
generator. If he wants something else, not using software, I thought he
would have said so.

Since he doesn't care to answer I really do not know.

 

[Keith Thompson]

And, to back Keith up on this, his statement isn't an insult in any way.
Designing good strong crypto is so hard that even the experts mess it
up.

Use /dev/random for generating keys--it's a-ok.

Yes, but my actual point went beyond that. Most encryption packages
provide commands to generate keys. Those commands may or may not
use /dev/random if it's available. There's rarely any need to
refer to /dev/random yourself.

One example: "gpg --gen-key" will prompt for information and generate
a key pair. It probably uses /dev/random if it's available, but
for all I know it may use some other mechanism entirely. I trust
the judgement of the authors of gpg, and of the many people who
have tested and examined the code, far more than my own ability to
deal with this stuff.

This isn't specifically an endorsement of gpg (GNU Privacy Guard);
that was just a convenient example.

Cryptography is hard, even harder than floating-point, easier to get
wrong, and more important to get right.

I don't want to discourage you from playing around with it if you
like. Just assume that anything you come up will be vulnerable in
ways that you haven't thought of.

 

[Seebs]

I understood the original poster as asking for a good random number
generator.

What he said was "real" random numbers. No algorithm produces these.

If he wants something else, not using software, I thought he
would have said so.

This is Usenet; I would not feel comfortable assuming that level of
precision in peoples' requests.

-s

 

[Chris M. Thomasson]

Can anyone show me a skeleton code for *real* random numbers? Not just
using srand and rand that sometimes depends on the clock.

Put a dozen microphones in the tops of different trees that experience
frequent windy conditions and build a number from the information they
generate.

 

[websnarf]

    Can anyone show me a skeleton code for *real* random numbers? Not just
using srand and rand that sometimes depends on the clock.

Asking people in comp.lang.c for "real random numbers" is like asking
a chiropractor for the recipe for coca cola. There simply is no
expertise whatsoever in the typical people in this news group on that
question.

Not surprisingly you get nonsense like: "No algorithm can produce a
truly random number sequence" which is tantamount to religious
evangelism.

Anyways, the problem of generating random numbers is just an exercise
in understanding.

So first you have to start with the definition of "random". It just
means the opposite of deterministic. What makes an algorithm
deterministic is that you can see it and all its inputs and
essentially pre-compute its results before you actually run it. So to
make something "random" on a computer, you have to feed it some input
that the observer (whether it be the user or the operator or
programmer or whatever) that cannot be predicted before the fact.

So the main problem with timer as a random seeder is usually that its
too low resolution, so you can guess or predict the time by other
external estimates. However, if you use a higher resolution timer,
you can do better. Unfortunately clock() is no good, because its
zeroed out at the start of program execution, which is when you want
to do PRNG initialization; so again in a typical OS with a
deterministic start-up mechanism, you can model its initial offsets,
and again reduce it to (statistical) determinism.

The best bet is to try to access your system's devices which operate
asynchronously to the CPU and then try to mix in high resolution time
offsets between accesses. But the C language does not define an
interface to any devices -- so you end up using some platform-specific
extensions. Some CPUs, like Intel's Pentium, or AMD's K6 have special
instructions for giving you extremely precise time counters -- you
should definitely use them if they are available (other CPUs may have
similar extensions). Precise time offsets and position of mouse
movements or keyboard input, for example, are extremely good sources
of "entropy" -- in most systems the device interrupts are event
driven, as opposed to time slice driven.

One pretty excellent source of entry can come from network based
systems -- if you are in a client-server or peer to peer arrangement
you can have each entity generate *part* of the entropy using some of
the techniques above in addition to any other instance-specific secret
information. You could mix the inputs with a reasonable hash function
to generate a seed or use that "Mersenne Twister" strategy of actually
storing the entropic inputs in an array and cycle through them for
your basic PRNGs. Certain online poker sites use this technique -- in
fact one posted the details of their algorithm publicly precisely for
the purpose of fostering confidence in the ultimate fairness and
resilience to rigging of their site (even to administrators of the
site) amongst its patrons.

This level of analysis is usually good enough, but some people like to
take things to the extremes. One might imagine that someone with a
debugger could access your program's PRNG state and reverse engineer
it to the point of making its stream predictable. If the person has
continuous access to your program, then there is nothing you can do
about that -- but what if they only have one time (or just a finite
number of times) access to your program in this manner? Then its
actually still possible to keep your random stream asymptotically
unpredictable, using the techniques described in the Fortuna random
number generator (go to the wikipedia article for details.)

If you actually go to the trouble of implementing Fortuna, or
something like it, then you can say you have "real random numbers"
with fairly good confidence. But its fairly rare that you cannot get
away with something a lot simpler in practice.

 

[Chris H]

Can anyone show me a skeleton code for *real* random numbers? Not just
using srand and rand that sometimes depends on the clock.

No. To have a real random you either have to have a HW random generator
or run Windows ))))

 

[Don Bruder]

Except for one minor problem - Unless I'm mistaken, the code you posted
(and I've snipped for space) is either derived from, or a direct copy
of, the Mersenne Twister - It's no more "real random" than rand() - it
just has a better period (usually - If you read up on the material that
usually comes with the full distribution package, you'll find multiple
caveats about "poison" parameter/seed-sets that can absolutely murder
the period length) before it starts repeating. And like every other
software RNG, the sequence that will be produced from a given
parameter/seed-set is 100% predictable.

I understood the original poster as asking for a good random number
generator. [/QUOTE]

Look at the original post's emphasis on "...*real* random numbers" -
He's asking for the impossible.

If he wants something else, not using software, I thought he
would have said so.

Oh, it looks like he wants software, all right - Just software that no
programmer on the planet is capable of writing due to the limitations
imposed by the current state of the art.

 

[Chris H]

Cryptography is hard, even harder than floating-point, easier to get
wrong, and more important to get right.

Also if you get it wrong but think it is right you leave the door open
for hackers.

I worked on smart cards years ago and the level of checking and testing
required to ensure that the system worked correctly and had no holes was
larger that the initial development. The Unit testing was the largest
single phase of the project.


The crypto random number generator had a patented and very secret HW
system in it. It was not just software.

 

[BGB / cr88192]

And, to back Keith up on this, his statement isn't an insult in any way.
Designing good strong crypto is so hard that even the experts mess it
up.

Use /dev/random for generating keys--it's a-ok.

hmm... "luckily, DMCA to the rescue..."

even if the algo is trivial and stupid, and can be broken with no real
effort, any person who actually does so, or is even particularly likely to
know how to do so, can be arrested on criminal charges...

or, for that matter, if they take screenshots or recordings, ...


(actually, I don't personally support all this as a "good thing", but it
would seem to be the case...).

 

[Richard Tobin]

The crypto random number generator had a patented and very secret HW
system in it.

Patented AND very secret? How does that work?

I would have thought that the customers for secure random number
generators would want to know exactly how it worked.

-- Richard

 

[Nobody]

Patented AND very secret? How does that work?

Well, some parts might be patented while other parts could be secret.
Obviously no part can be both (well, obvious to anyone who doesn't work in
the marketing department).

I would have thought that the customers for secure random number
generators would want to know exactly how it worked.

OTOH, the vendors of insecure not-so-random number generators clearly
wouldn't want the (potential) customers to know how they worked.