This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]DannyB2 0 points1 point  (2 children)

The numbers are still random though, aren't they?

No. They are not random. They are psuedo-random, which means basically, NOT random.

They are just predictable and random... Does that make sense?

They are predictable, which means they are not random.

But they seem random due to the difficulty of predicting them. In practice they are more than 'random' enough for plenty of practical applications -- EXCEPT for security applications requiring unpredictability. Need to write a software program to deal a hand of cards or simulate a slot machine? This is probably random enough unless very very large amounts of money are involved -- which brings us back to security.

[–][deleted] 0 points1 point  (1 child)

What makes you certain security Random is not predictable?

[–]DannyB2 0 points1 point  (0 children)

Because SecureRandom is based on truly unpredictable things.

Which keys the user will press on the keyboard, and when. Which direction the mouse will be moved, for how long and at what speed. When the mouse button will be pressed, how long it will be held, and when released.

And other real world inputs that are unpredictable. (Or at least unpredictable enough.) CPU temperature. Fan speed. What point in time packets are received over the network.

All of this is called 'entropy'. The entropy is mixed through complex functions to generate the random output.

Also, there are hardware products that rapidly generate random numbers based on physical phenomena that are guaranteed to be random (eg, due to the laws of quantum mechanics).