Xan: Created page with "{{SDK added in|version=2.1|sdk=13|world=|universe=|browser=}} NOTOC int aw_random (void) ==Description== Returns a random number. ==Notes== The psuedo-random number generator (PRNG) employed by this method is [http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html Mersenne Twister] (MT) by Matsumoto and Nishimura. It sets new standards for the period, quality and speed of random number generators. The incredible period is 219937 - 1, a number with about 6000 d..."

2025-04-07T19:26:01Z

Created page with "{{SDK added in|version=2.1|sdk=13|world=|universe=|browser=}} __NOTOC__ int aw_random (void) ==Description== Returns a random number. ==Notes== The psuedo-random number generator (PRNG) employed by this method is [http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html Mersenne Twister] (MT) by Matsumoto and Nishimura. It sets new standards for the period, quality and speed of random number generators. The incredible period is 219937 - 1, a number with about 6000 d..."

New page

{{SDK added in|version=2.1|sdk=13|world=|universe=|browser=}}

__NOTOC__

int aw_random (void)

==Description==
Returns a random number.

==Notes==
The psuedo-random number generator (PRNG) employed by this method is [http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html Mersenne Twister] (MT) by Matsumoto and Nishimura. It sets new standards for the period, quality and speed of random number generators. The incredible period is 219937 - 1, a number with about 6000 digits. The 32-bit random numbers exhibit best possible equidistribution properties in dimensions up to 623 and it's very fast.

===Predictability===
This PRNG is should '''not''' be used in cryptography as it has major vulnerabilities:

*Observing a sufficiently long sequence of outputs from MT is enough to predict all future outputs.
*It takes many iterations before the initial non-random state produces output that will pass a randomness test.

Two steps can be taken to mitigate the problems:

*Generate multiple 32-bit outputs (e.g. 8 would be sufficient) and digest them using a [http://en.wikipedia.org/wiki/Cryptographic_hash_function cryptographic hash function] such as RIPEMD or SHA-1.
*Throw away the first x number of outputs from MT (e.g. call aw_random a million times when the SDK application is initialized).

===Seed search attack===
The implementation used in the SDK is also vulnurable to a "seed search attack" due to only using a 32-bit number for the seed (i.e. it can only produce 2^32 different sequences of psedo-random numbers). This means that attackers would need to try at most 2^32 different seeds before finding the one being used.

If a large number of initial outputs of MT have been thrown away then attackers would need to generate a longer sequence of numbers to test each seed. If 1,000,000 numbers were thrown away and 1000 have been passed to users then an attacker would need to generate roughly 1001000 * 2^32 numbers to be sure of finding the correct seed (in addition to seeding 2^32 times).

==Arguments==
None

==Argument attributes==
None

==Return values==
Signed 32-bit number (i.e. a range of -2147483648 to +2147483647).

==Returned attributes==
None

==Usage==

Naive

if ([[aw_random]] () == 547891)
puts ("You sure are lucky");

Better

void random_init (void)
{
int i;

for (i = 0; i < 1000000; i++)
[[aw_random]] ();
}

int random_secure (void)
{
int n;
int i;

n = 0;

/*
combine multiple outputs into a single number using xor
*/
for (i = 0; i < 8; i++)
n ^= [[aw_random]] ();

return n;
}

random_init ();

if (random_secure () == 547891)
puts ("You sure are lucky");

Secure

void random_init (void)
{
int i;

for (i = 0; i < 1000000; i++)
[[aw_random]] ();
}

int random_secure (void)
{
int buf[8];
int i;

for (i = 0; i < 8; i++)
buf[i] = [[aw_random]] ();

/*
function that takes a buffer as input, digests it using RIPEMD-128
and returns a 32-bit hash value from the output
*/

return ripemd128_32 ((char*)&buf, sizeof (buf));
}

random_init ();

if (random_secure () == 547891)
puts ("You sure are lucky");

==See also==
*[[aw_init]]

[[Category: SDK Methods|R]]

Aw random - Revision history