Is it really happy ()?

Question

Is it really happy ()?

Inspired by Generic Random Number Generation I decided to run my own tests to find out what was wrong with rand (). Using this program:

srand(time(0)); for (int i = 0; i < 1000000; ++i) { std::cout << rand() % 1000 << " "; }

I loaded it into Octave using the commands:

 S = load("test.txt") hist(S)

And got this result:

result

To me, the results seem pretty uniform. I expected the results to be more distorted. Did I not allow my test?

+7

c ++ random c ++ 11

user4156679 Oct 18 '14 at 13:29

source share

3 answers

NPE · Answer 1 · 2014-10-18T13:37:20+0000

The test in your question does not really check for randomness. All he does is ensure an even distribution of numbers. This is a necessary but not sufficient condition: there are many other ways in which a random number generator may be insufficient.

For example, if I gave your function that returned the numbers 0, 1, 2, ..., 999 in a loop, it would also pass your test. However, this would clearly deprive a reasonable definition of chance.

To find out how random number generators are tested in practice, check out

For a discussion of rand() in particular, check out rand() Malware Review .

Hexagon · Answer 2 · 2014-10-18T13:50:45+0000

One important point that you are not considering is how predictable the generated random sequence is. Using time () as the seed of randomness, if the attacker knows - more or less - when the seed was generated, he can easily reproduce your entire random sequence.

That's why you need a true random source, assuming you use these random numbers for something related to security.

When security really matters, you also want to get each of your numbers from a true random source, without relying on PRNG at all. Slow but safer.

Peixu zhu · Answer 3 · 2014-10-18T14:24:01+0000

It depends on your purpose, provided that rand() is easy to use on hand with reasonable distribution capability, it is not intended for encryption purposes, or for physical modeling purposes. If you want one level of encryption or do physical modeling, this is not a good choice, and you may have to get a special implementation. There is no real chance created by computer programs.

Is it really happy ()?

More articles: