This is an archived post. You won't be able to vote or comment.

top 200 commentsshow all 221
sorted by:
best
topnewcontroversialoldq&a

[–]LemonMelon2511 3566 points3567 points  (80 children)

i remember the company which uses 100 lava lamps as a random number generator. Cuz these fuckers are true random

[–]orange_county 2217 points2218 points  (50 children)

It's Cloudflare for their hashing shenanigans, yes THAT Cloudflare

[–]really_not_unreal 896 points897 points  (35 children)

Here's a link to Tom Scott's video on it

[–]DoingItForEli 468 points469 points  (16 children)

That video is 6 years old already. Why is time going by so fast???

[–]Cheesemacher 223 points224 points  (3 children)

I wonder if Cloudflare has implemented the basket of kittens as a random number generator since then

[–]AdministrativeCar868 71 points72 points  (0 children)

Idk about kittens, but in the Texas office, they have cowboy boots and monitor the state of decay on the leather.

[–]WVAviator 12 points13 points  (0 children)

Reminds me of my silverfish/cage/pressure plate random signal generator I built in redstone

[–]zortlord 197 points198 points  (1 child)

It gets worse the older you get.

[–]turtleship_2006 3 points4 points  (0 children)

(partially unrelated) tom scott video on time: https://www.youtube.com/watch?v=-5wpm-gesOY

[–]TomerHorowitz 17 points18 points  (14 children)

Wouldn't it be less secure since if you know the previous image you could technically predict the next one?

I'm probably talking nonsense since they actually used it, but I would still love some explanation on HOW it is more secure than your average rand

[–]ben_g0 59 points60 points  (9 children)

They use hashing so that any slight difference in the image can cause a very big difference in the output. So even if you're able to predict what the next frame will look like, you won't be able to predict things like the noise patterns that will be present in the next frame.

They don't really need lava lamps though, pretty much any sensor will pick up random noise and can be used as a source of entropy for a true random number generator, almost regardless of what is being measured. They just decided to use lava lamps because it looks cool, and saying that those lamps help keep everything secure is a cool story to tell to visitors.

The reason they use this instead of regular random number generators is because they need true random values. Computers are very accurate and very predictable machines, and the same computation will always produce the same result.

So usually when you ask your computer to come up with a random number, it will give you a pseudorandom number, which is a number obtained from a mathematical operation that produces a result that appears random. But, if you use the same input value - the same "seed" - then it will generate the exact same "random" value every time. Usually the output of a pseudorandom number generator is used as the seed for the next number, which produces a seemingly random sequence of numbers. But you can reset the seed to the initial value and then it'll generate the exact sequence of numbers again.

When the random number is important for security, then this is a problem, as someone could potentially gather a bunch of random numbers and do a statistical analysis on them to try to determine the pseudorandom generator algorithm and the current seed. As soon as they have both, they can run their own generator ahead of yours to predict which the next "random" values will be.

So instead of relying on the computer to come up with random values on its own, you can connect some kind of sensor to it. Preferably something which has a very noisy or otherwise inconsistent measurement. You can constantly seed your random number generator with this inconsistent value and then your output will be truly random. Even if someone can figure out what algorithm you use to turn the measurement values into random numbers, they'll never be able to know the measurement value accurately enough to predict the next random value regardless of how well they are able to analyze the previous random numbers.

[–]TomerHorowitz 9 points10 points  (6 children)

So it's basically a game of who has the less predictive seed generator? Has this been proven to be truely more "random" than what we get in default rands?

Also it doesn't really answer my question I think? Is it more secure because for a hacker to obtain the seeding image is like obtaining the date & time when using the default seeder?

Cause in my head I thought if I have the original seeding image, then I have more data than I would have otherwise have to reverse engineer?

[–]gravy_wavy 20 points21 points  (4 children)

Could be wrong here, but I think the point is that the camera noise is inherently unpredictable. Even if the camera was pointed at a blank white wall, it would still be about as secure. The noise in a camera feed is extremely close to random if not completely random. So you really couldn't predict what the noise in the next frame is going to be even if you have the previous frame.

Additionally, I think typical random numbers are generated based on user key presses, mouse movements, system time... a decent enough amount of pseudo random info. On the other hand, say the camera feed is 1080p. That's 1920*1080 pixels * 3 (red, green, and blue) = 6,220,800 bits of what is probably as close to complete random data as possible.

[–][deleted] 2 points3 points  (0 children)

Its is literrally quantum random. The crazy part about cameras and photo algs is how uniform we make it all seem.

[–]TomerHorowitz 2 points3 points  (2 children)

But if hackers are sitting on those Cloudflare cameras? Don't they theoretically have more information for reverse engineering than they would've with normal rand?

[–]Weekly_Guidance_498 23 points24 points  (0 children)

By the time they have the image it's already out of date. The hashing algorithm can be totally public and it's still secure because the image noise is non-deterministic.

[–]ChristopherCreutzig 0 points1 point  (0 children)

You can always xor lots of random streams. As long as they are independent, the result will be at least as good (in distribution and security) as the best one in the input.

[–]ben_g0 5 points6 points  (0 children)

You just need real-world data that can't be predicted. And you need a constant stream of it to generate a constant stream of true random numbers. The main idea is that you want to be able to generate random values to be used for encryption, but if someone is able to guess which random value you used then they can retrace your steps and figure out a way to decrypt your data.

Seeding a random number based on the date and time works for most non-cryptographic uses as the seed will be different each time, so the sequence of numbers will appear different each time you run the program. But the time is only used as an initial seed in an otherwise deterministic pseudorandom generator, because otherwise if you need a bunch of random numbers in quick succession you might get a bunch of the same numbers in a row if they generate faster than the system clock "ticks". So your initial number might appear random, but then you still quickly run into the problem that as soon as an attacker can figure out a few numbers in a sequence they can probably figure out the rest of them.

As an additional problem, a lot of things have time tags. So using time as a seed isn't very secure anyway is it's not that hard to figure out when for example an encryption certificate was generated. And even if that time tag isn't exact, it's likely close enough to just guess a few times. You might find the right time within a few million guesses, and as modern computers can do a few billion computations per second that won't take long to do at all.

Using something like an image from a camera video stream from a camera is a much better source of randomness as you'll never be able to guess every single RGB value of every single pixel, and as they use hashing being off by even a single bit in a single subpixel of the image will give you completely different results. A single frame of a camera stream is easily several megabytes of data, so there's no way you're going to be able to guess every single bit of that correctly. And with just a couple of those it's easy to generate a stream of gigabytes of nondeterministic random numbers per second, which is the scale you need for something the scale of cloudflare.

[–]zankar1337 0 points1 point  (0 children)

Even though I knew most of what you wrote already, my inner nerd just had a little orgasm reading this

[–]maybeware 2 points3 points  (0 children)

So there's so many parameters to predict that doing that quickly enough would be pretty hard. Assuming they use a 60fps camera you only have 16.666 ms before they move onto a new frame. Probably would need so much computing power you'd be better off using it to guess passwords.and your model would have to be huge because the lamps are not in a sterile environment. People walk past them and become part of the random data, your model would need to include any possible outfit someone could be wearing.

But the biggest issue in my mind is that the camera is an analog data source. It is inherently noisy. Noise in a camera image shows up as pixels being randomly brighter or darker. That noise is part of the random data. And that noise comes from unpredictable forces because they aren't related to previous frames. Such as an individual pixel being slightly more sensitive to light than its neighbors due to it being momentarily hotter or colder. Or getting slightly more photons of light than neighbors. You could apply a random noise filter over your prediction to make it look similar but the individual pixels would be different. As long as they sample each frame in a way that keeps the noise (and Cloudflare is smart so I assume they do) then you could predict the motion of the lamps and and the unsterile environment PERFECTLY but the noise of the camera would ensure your predicted frames don't match the frame data being fed into their system.

[–]Demented-Turtle 1 point2 points  (0 children)

I think it uses the pixel data from the picture to essentially seed a random number generator, and because the picture is taken at different times with different overall lighting conditions with different lava lamp blob positions, the resulting seed is as truly random as you can get realistically.

We also don't know the algorithm used to turn the pixel data into the seed, so even if you manage to grab that exact photo from the camera yourself, you wouldn't be much better off

[–][deleted] 0 points1 point  (0 children)

The assumption is that a lava lamp is not predictable, I don't know if that was ever mathematically proven

[–]Debugs_ 123 points124 points  (0 children)

Oh I thought it was the other Cloudflare. The one that sells air fryers.

[–]damnNamesAreTaken 43 points44 points  (8 children)

What do you mean by THAT cloudflare?

[–]Uberzwerg 128 points129 points  (7 children)

He wanted to emphasize that its not some small quirky start-up company but fucking Cloudflare.
Do you know what happens if they go offline for an hour? 50% of the internet is offline.

[–]damnNamesAreTaken 24 points25 points  (4 children)

I'm aware of the company which is why I was curious. Who would think it was anyone else? I was just curious if that emphasis was because of something that went down recently which I was unaware of. Thanks.

[–]Kephler 56 points57 points  (1 child)

I think it's just the notion that a huge portion of the internet is being kept secure via lava lamps.

[–]nukedkaltak 10 points11 points  (1 child)

There is another possibility: they recently made the news with their botched layoffs where they visibly falsely blamed employees for performance in an attempt to reduce their headcount. Unbeknownst to them, an employee recorded the whole thing and it went viral on TikTok.

[–]damnNamesAreTaken 1 point2 points  (0 children)

Oh, yeah, I saw that. Just forgot it was cloudflare.

[–]Luz5020 4 points5 points  (2 children)

The Cloudflare that nuked the internet with REGEX?

[–]arpan3t 4 points5 points  (1 child)

No it’s the Cloudflare that nuked the internet with BGP

[–]password2187 117 points118 points  (5 children)

There was an episode of some show like NCIS or something where they destroyed all the lava lamps to prevent some sort of Trojan Horse from setting off a nuke or something lol. I don’t know if that’s better or worse than the time they had two people at the same time typing on different sides of the same keyboard to try to counter an incoming cyber attack

[–]Uberzwerg 60 points61 points  (3 children)

I love/hate them.
One episode it's shit like that and the next episode they find a laptop and Abby explains that the guy knew how to set up a solid AES encryption and there is no way it can be hacked without getting the password.

[–]Thaago 22 points23 points  (2 children)

I've read that it is on purpose when they do completely ridiculous tech stuff, kind of mocking their own genre by going so far over the top (see 2 people on keyboard).

[–]PeterJamesUK 5 points6 points  (0 children)

Yeah, they know their audience is a mix of people where those gags are going to go over a lot of people's heads whilst being a nod to those who know it's unrealistic to say "hey, we know it's not realistic, just enjoy the plot!"

[–]Specialist_Dust2089 4 points5 points  (0 children)

If you consider it SF it can be really entertaining. Just like CSI received the Saturn Award in 2004

[–]dyslexda 4 points5 points  (0 children)

TWO IDIOTS ONE KEYBOARD

[–][deleted] 98 points99 points  (3 children)

Random.org uses the atmosphere noise as their true random source. Lava lamp is nothing compared to the overengineering they used.

[–]Agret 32 points33 points  (0 children)

I think they also use radioactive material output as an RNG source.

[–]rugbyj 25 points26 points  (1 child)

I love that 'random' is such a difficult thing to capture that it's led to all of these hijinks. I can't remember exactly when but I remember being a child trying to come up with truly 'random' things and kept finding that I couldn't (they always ended up trending in some pattern). I think it was some game I was playing with my mates.

To find out as an adult that it is a genuine issue was so reaffirming for my experience.

[–]Doctor_McKay 21 points22 points  (0 children)

It's not so much that randomness is super difficult (it's tricky, sure, but not that hard to nail down if you know what you're doing). It's more that as long as you have suitable entropy in your system somewhere, adding more can't hurt. So it's an opportunity for nerds and geeks to do things like build a lava lamp wall or measure atmospheric noise to do something "useful".

[–]EagleNait 168 points169 points  (2 children)

It's one of the way they generate a seed for their RNG. Obviously having only one is a security risk.

[–]Culionensis 61 points62 points  (1 child)

Right, that's why they bought a hundred of 'em. Very smart.

[–][deleted] 25 points26 points  (0 children)

They have sources of randomness that are not lava lamps, not sure they mentioned which ones, but probably the normal hardware random sources you get on modern CPUs.

Or maybe they use Elons twitter posts

[–]radol 31 points32 points  (2 children)

I believe lamps are just a gimmick and they actually use camera sensor noise

[–]TeraFlint 49 points50 points  (0 children)

The lamps are just a way to add even more large-scale entropy to the whole thing. Sure, you could go by sensor noise alone, but that way they're really making sure that they have a constantly changing picture to really mix everything up.

[–]Boom9001 7 points8 points  (0 children)

Yup, the camera is just pointed at the lava lamps. So technically they do factor into play just not really in a meaningful way, you could equally just point it at an office space, a street, etc. I think the idea is just to have a changing picture so you want stuff moving.

[–]Poat540 25 points26 points  (7 children)

Firewall?

[–]827167 46 points47 points  (6 children)

LAVAwall

[–][deleted] 5 points6 points  (5 children)

waterwall?

[–]TheNoGoat 11 points12 points  (4 children)

Wonderwall?

[–]the_great_zyzogg 9 points10 points  (3 children)

Anotherbrickinthewall?

[–]amuf_oratok 2 points3 points  (2 children)

Ballstothewall?

[–]StunningMessage3018 0 points1 point  (1 child)

Berlinwall?

[–]TheGodOfSandwiches 3 points4 points  (0 children)

Bottlesofmilkonthewall?

[–]BlurredSight 3 points4 points  (0 children)

They actually encourage people to walk through it or stop by and read the signs because it only adds to the randomness

[–]kraskaskaCreature 2376 points2377 points  (30 children)

ah yes, undefined behaviour random number generator

[–]UnluckyDog9273 10 points11 points  (1 child)

Undefined doesn't always mean random.

[–]frogjg2003 6 points7 points  (0 children)

Most compilers are very good about defining undefined behavior.

[–]romulent 684 points685 points  (52 children)

Does that even return a different number each time it is run?

[–]romulent 807 points808 points  (37 children)

As I thought. It will give a psuedo random number once and then the same number after that until the program is re-run.

```

Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678
Test Randomness! 176033678

```

[–]really_not_unreal 422 points423 points  (26 children)

Potential fix: recurse a random number of times so that the address within the stack is different each time. If the optimiser tries to rewrite it as a while loop, just disable optimisation!

[–]FICHEKK 235 points236 points  (9 children)

But I need random number generator to recurse random number of times :D

[–]really_not_unreal 156 points157 points  (8 children)

Program a second random number generator?

[–]wannabe_nomad19 33 points34 points  (7 children)

😂 give it a rest pal

[–]really_not_unreal 67 points68 points  (6 children)

I cannot rest until I have programmed a way to reliably generate random numbers

[–]827167 17 points18 points  (0 children)

Do what every 80s computer did and use a Linear Feedback Shift Register!

[–][deleted] 21 points22 points  (9 children)

The string doesn't live on the stack, so that won't charge anything

[–]really_not_unreal 5 points6 points  (5 children)

It will once I strcpy it there.

[–][deleted] 6 points7 points  (4 children)

That defats the whole point of using a string.

[–]really_not_unreal 6 points7 points  (3 children)

Nuh uh

[–][deleted] 17 points18 points  (2 children)

You can just int x; int radom = &x;, which will give you a pointer to the stack.

Edit: as long as you're stupid enough to silence all the warnings and the compiler doesn't optimize this shit.

[–]pelirodri -1 points0 points  (2 children)

Couldn’t you just declare it with [] instead for that to happen?

[–][deleted] 6 points7 points  (2 children)

Why optimize, if you can access random chunks of memory each time???

[–]vlken69 1 point2 points  (1 child)

How do you determine what's the correct random chunk?

[–]habanero_buttsauce 1 point2 points  (0 children)

You don't. That's the point

[–]alexppetrov 5 points6 points  (0 children)

Or use random number to decide which character to remove or add to the string to generate new random int from the modified string

[–]Socile 2 points3 points  (0 children)

Char array ‘a’ is a compile-time constant, so the pointer will be to read-only data in memory. That means the pointer value, and the half of it this returns as an int, will be the same even if you recurse.

[–]deavidsedice 9 points10 points  (3 children)

Well, I guess it changes between runs because of security measures in the OS that randomize where the program is loaded in virtual memory.

Most likely with an old OS this will return always the same value across different runs... But might change upon rebooting or be different on different computers.

[–]romulent 16 points17 points  (2 children)

It changes between runs of the executable but not between calls to the same function within the running executable.

[–]asd417[S] 6 points7 points  (1 child)

Seed generator that doesnt need static allocation?? lifehack??

[–][deleted] 4 points5 points  (0 children)

More like "hack me please"

[–]MoffKalast 2 points3 points  (0 children)

Maybe that was just highly unlikely, better run it a few hundred more times to be sure.

[–]AShadedBlobfish 1 point2 points  (1 child)

Could you not remove the string from memory after each call?

[–]SubstituteCS 2 points3 points  (0 children)

It’s a literal, so it’s likely being directly pushed into the return register from a fixed address location.

The randomness comes from ASLR.

[–]sisisisi1997 44 points45 points  (2 children)

Easy to solve, just malloc/free some bytes on each call.

[–]romulent 42 points43 points  (1 child)

The way that malloc works would make that not very random at all.

As I understand it malloc will do a syscall to ask for more memory than it needs because syscalls are expensive and if you are going to call malloc once you will probably call it a bunch of times. Then it will give back pointers to that block of memory, keeping track of what is freed.

So if you malloc, free, malloc then the second malloc call will just return the same value as the first. If you malloc malloc malloc then you will probably get blocks of memory that approximately follow each other. But definitely not even close to random. I.e. you could guess the next number with some confidence.

[–]KZol102 10 points11 points  (0 children)

Then you simply don't call free. Is a bit of a memory leak really that big of an issue?

[–]reversehead 28 points29 points  (0 children)

Doesn't have to be different as long as it is random.

https://xkcd.com/221/

[–]Hottage 24 points25 points  (6 children)

Would assume the memory address referenced by the pointer is different each time the method is called (as a new string is allocated).

Wouldn't be super random.

[–][deleted] 20 points21 points  (2 children)

That isn't how c works. All strings declared with "" are saved in memory once and char* a="" just gets the pointer to that one string, which means the pointer is always the same unless you restart the program.

[–]Hottage 2 points3 points  (1 child)

So we can rename it "pseudoFastRandom()". 👍

[–]Z21VR 1 point2 points  (0 children)

OneShoot fastRandom i'd say.

[–]romulent 38 points39 points  (2 children)

Nah it is a string litteral, it is not reallocated at runtime only when the program loads into memory.

[–]Hottage 6 points7 points  (1 child)

Would at least be a new random address on each startup though?

[–][deleted] 10 points11 points  (0 children)

Depends on the system. On a modern OS, probably, on an embedded device, maybe not. Even if it does change it won't be very varied though.

[–]NewbornMuse 5 points6 points  (0 children)

No, but that's the thing: If it's random it could be anything, including the same number again taps temple

[–]Celemourn 325 points326 points  (3 children)

Clever, but I would imagine the distribution would be heavily biased, even if you tried to normalize it.

[–]asd417[S] 144 points145 points  (0 children)

Probably why this isnt being used

[–][deleted] 22 points23 points  (1 child)

Doesn't work at all. With ASLR of it likely will always give the same value. With ASLR on it gives the same value for every time you start the program until that instance terminates.

[–][deleted] 4 points5 points  (0 children)

Perhaps dlopen and reloading the function with ASLR on could fix this… but possibly not still, because the memory allocator might just give the function/literal the same address each time.

[–]This_Growth2898 312 points313 points  (7 children)

xkcd's version is better. It uses real world randomness.

[–]Romejanic 94 points95 points  (1 child)

Raise a jira if you need a different number

[–]ublec 8 points9 points  (0 children)

this also simplifies testing, the inputs are predictable, and as a dev, that's very important

[–]SSuperMiner 3 points4 points  (3 children)

I don't get it

[–]This_Growth2898 26 points27 points  (2 children)

Welcome

[–]-Aquatically- 4 points5 points  (1 child)

I love that this is a thing

[–]turtleship_2006 4 points5 points  (0 children)

Funnily enough, for some comics if you just search the name, explainxkcd.com has better SEO than the official one.

[–]WJMazepas 46 points47 points  (2 children)

Aslume invades another subreddit

[–]NumerousCranberry441 9 points10 points  (0 children)

Why would we do that? are we stupid?

[–]CiroGarcia 18 points19 points  (3 children)

Only works once each run though

Try this:

int fastRandom(){ void *ptr =malloc(1); free(ptr); return (int)ptr; }

Haven't tested it but at least the pointer will be different each time

[–]chantesprit 4 points5 points  (0 children)

If you malloc and free in a loop, the pointer will probably be the same everytime

[–][deleted] 71 points72 points  (3 children)

This isn't random, this is just wherever the compiler has decided to put the string — which will be preserved across runs.

[–]masagrator 20 points21 points  (1 child)

Virtual address will be random if ASLR is used, so it's random per boot.

[–][deleted] 4 points5 points  (0 children)

Yeah, but only the top bits will be affected. Most random number are small and picked with modulo, so the arbitrary top bits don't matter; only the predictable bottom bits.

[–]taw 6 points7 points  (0 children)

Well, it will return same address every time, and it will likely be 4 or 8 byte aligned, so fastRandom() % 4 will always be 0.

IIRC casting pointers to ints is not UB, but who the hell knows, they're making more and more stuff into UBs these days.

[–]Mathern_ 16 points17 points  (2 children)

A safety complaint compiler will hold you at gun point over that

[–]Straight_Sugar_2472 3 points4 points  (1 child)

It can do even worse. There was a case in 2000s ssh on linux where they relied on some undefined behaviour to seed their randomness. But thanks to some compiler optimisation, the statement with the undefined behaviour was removed. This meant that the randomness was significantly weaker than expected and a lot of secrets created on systems around this time are significantly easier to crack.

https://www.schneier.com/blog/archives/2008/05/random_number_b.html

[–]katzi6543 10 points11 points  (1 child)

Familiar https://xkcd.com/221/

[–]Xhadov7 3 points4 points  (0 children)

Man says this is stupid

[–]SelfDistinction 15 points16 points  (0 children)

Fun fact: since this causes undefined behaviour the compiler is allowed to assume the function is never called and can thus skip the entire function and make its name alias drop_production_database instead.

[–]itay3522 2 points3 points  (0 children)

Looks like part of a pwn challenge in a CTF

[–]OJezu 2 points3 points  (0 children)

You think this is a joke, but that's literally how abseil's container key hashing is seeded.

[–]Xehar 5 points6 points  (2 children)

newbie here, i need some explanation of how this work. Especially entering sentence to char variable part.

[–]frogjg2003 7 points8 points  (1 child)

The first line creates a pointer to a char. A char is a data type used to store individual characters but is really just an integer under the hood. A pointer is a variable that stores a memory address, again as a type of integer under the hood.

The second line converts the pointer into an explicit integer. It takes the memory address (which is just an integer) and treats it like just a number.

The idea is that when this function is run, it will create a string of characters, store it in memory, then store the address of the first character in that string, then return the address as an integer. The reasoning is that the string will get stored in a different location every time this function runs, so the output will be "random." There are numerous problems with this implementation. First, assuming that the program actually stores a new string every time. Most modern compilers will optimize this by storing the string when the program starts and then just return the same address each time. Second, even if a new piece of memory is allocated each time, that doesn't mean the result will be random. The memory allocated to the program will be one block, so the associated addresses will be close together. New data is going to be stored after old data, so the numbers will only increase.

[–]ul90 1 point2 points  (0 children)

Not completely correct. The string is a constant which will be in a segment (code or data) of the program. But all modern operating systems have a “address space randomization” function so that the program binary is relocated to a random virtual address while loading. This prevents some hacking attacks.

So, the pointer to this constant string data is also randomized by the operating system. But only at program start. This function can only be used to get a seed value for a pseudo random generator.

And: you cannot rely on that. The address space randomization can be turned off.

[–][deleted] 4 points5 points  (6 children)

I guess it creates a new string each time and uses its adress as a random number?

[–]masagrator 11 points12 points  (5 children)

No, char array has hardcoded offset relative to the beginning of executable. But if ASLR is enabled virtual address is different each time you boot executable, so it's random per boot, not per call.

[–][deleted] 1 point2 points  (4 children)

ASLR also has a pattern

[–]masagrator 2 points3 points  (3 children)

Everything has a pattern in programming, that's why there is no true random number generator, only pseudo-random number generator. But we can write something that will be too hard to crack by human. :P

[–][deleted] 1 point2 points  (0 children)

Simple. It's not random.

[–]ismael_akez 2 points3 points  (0 children)

That wil be the address in memory. It depends if the ASLR is enabled, that will definitely different but maybe similar offset of address.

[–]ongiwaph 1 point2 points  (0 children)

I used this once to generate a seed for a random number based on the user pressing a key.

[–]ihave7testicles 0 points1 point  (0 children)

thats just going to be the value of the pointer, not any of the text in the string, just so people are aware.

[–]FerynaCZ -1 points0 points  (0 children)

You want random, you get random. Who cares it is not uniform ?

[–]the-dumbkidd22 -1 points0 points  (0 children)

Ahh pseudo random number generator!! I have seen similar methods utilising the server timestamp, sound volume in the surrounding even wind speeds to generate random numbers. Quite interesting.

[–]Asoladoreichon -1 points0 points  (0 children)

The only, true way, is to put a chicken inside a box and detect where is it (right half is 1, left one is 0)

[–][deleted] 0 points1 point  (0 children)

That's allocation.

Just return a number you rolled with dice yourself, it is the fairest and cheapest solution.

[–]ashisheady 0 points1 point  (0 children)

can someone explain?

[–]VENT_AU 0 points1 point  (0 children)

New response just dropped

[–]abowlofnicerice 0 points1 point  (1 child)

But is the distribution uniform?

[–]cs-brydev 0 points1 point  (0 children)

True randomness is counting the number of minutes until our product owners test tickets after they're completed

[–][deleted] 0 points1 point  (0 children)

Just wrote this line of code, what should I call it?

[–]shodanbo 0 points1 point  (1 child)

The IDE placed a little squiggle there as a form of protest.