while studying some security things, there was a question that one can guess the generation of some sequence for rand (timestamp) running in webserver. He said that our first goal should crash the server (assuming that server will get up in 1 min), we can sync our generator with server and then rand (timestamp) generated by the webserver could be same with our generator.
I am confuse, if we have a function rand (timestamp) would not it be depend on system timestamp or on server "up time" stamp?
P.S:
Asking a general question - its not dependent if it is in JAVA/PHP/ASP. Just asking how webserver/compiler work for such code?
May be its vague question but i would like to make clarification.
The default behaviour of many implementions of rand(), is to use the system time as a seed if a seed value is not supplied. Even if that is not the default behaviour, it is almost guaranteed that an application will pass the system time to srand() as a seed to randomise the sequence.
So, if you know the precise system time, you can generate the same sequence that would be produced from the remote system calling rand(). Several years ago, an online casino was attacked using this random sequence prediction technique.
The solution is two-fold: derive the seed from a non-predictable hardware source (there are commercial units to this) AND use the longest pseudo-number generator available.
There have been many questions on SO on the topic of hardware generators, for instance:
What Type of Random Number Generator is Used in the Gaming Industry?
Alternative Entropy Sources
rand() returns a pseudo random number. The pseudo random number generator is typically initialized with a seed. If two instances of the pseudo random generator are initialized with the same seed, then they will produce the same sequence on successive calls to rand.
By crashing the server, you are forcing the application to initialize the pseudo random generator with the current unix timestamp since that is what it uses as seed. An attacker can easily guess the seed/timestamp in a few attempts (server may use ntp which makes it even easier).
That is why it is not a good idea to use the unix timestamp as the seed. In any case for cryptographic uses typically the random number generator that comes with a crypto library is used. For example Openssl has RAND_bytes that makes available cryptographically strong pseudo random bytes. On many unix systems this pseudo random number generator is automatically seeded with bytes from /dev/urandom. See http://www.openssl.org/docs/crypto/RAND_add.html for more details.
Related
If I have the following in Java...where I want to let the user specify the seed for the random number generator so for the given seed the order of the random numbers is always the same...eventually would enter the seed to generate the same letter pattern each time..
Random rand = new Random(Long.parseLong(t[0]));
char r = (char)(rand.nextInt(26) + 'A');
What would be the equvalent to do the same for random in C++
cin >> seed;
srand(seed);
char('A' + rand() % 26)
Would srand(seed) work in C++..I have seen responses go either way as in yes or no...
Is there equalvalent in C++- For a given seed, the order of the random numbers will always be the same
Yes. This behaviour is inherent to all pseudo random number generators.
The C++ standard library has pseudo random number API in the <random> header. There's also the old C PRNG API, but I would recommend against using it for anything that requires decent quality randomness.
There is a caveat however. The sequence will be the same only as long as the PRNG algorithm remains the same. The algorithm of the old C API isn't specified exactly, and as such the sequence can - and does - vary across different standard library and/or language implementations. This problem applies to different implementations of the Java virtual machine as well.
The generator engines of the <random> API are specified exactly and are thus deterministic across implementations, except for the std::default_random_engine which can - and does - vary across implementations. Unfortunately, the distributions (uniform, normal etc.) of the standard API aren't specified exactly, so using them introduces potential variance across standard library implementations.
I'm looking for an algorithm to generate random numbers from a given seed but with the particular requirement that it will always generate the same sequence of number regardless of the underlying computer architecture or language implementation.
I already know of Mersenne Twister, however, the numbers it generates differ when using different implementations (i.e. C MT vs Javascript MT).
Do algorithms with this property exist? Also, I don't need a state-of-the-art RNG, I don't even need it to be cryptographically secure, I just want to drive a "random" simulation on one place and have it follow the same behavior on a different implementation.
If you don't need a cryptographicly secure RNG then MT or LCG would do. Still, some stream ciphers are pretty easy to implement in many languages, or already available, so these are viable paths. All of these are deterministic, same seed results in the same random numbers, and quite fast.
When writing Java program, we use setSeed in the Random class. Why would we use this method?
Can't we just use Random without using setSeed? What is the main purpose of using setSeed?
One use of this is that it enables you to reproduce the results of your program in future.
As an example, I wanted to compute a random variable for each row in a database. I wanted the program to be reproducible, but I wanted randomness between rows. To do this, I set the random number seed to the primary key of each row. That way, when I ran the program again, I got the same results, but between rows, the random variable was pseudo random.
The seed is used to initialize the random number generator. A seed is used to set the starting point for generating a series of random numbers. The seed sets the generator to a random starting point. A unique seed returns a unique random number sequence.
This might be of help .
A pseudorandom number generator (PRNG), also known as a deterministic random bit generator DRBG, is an algorithm for generating a sequence of numbers that approximates the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's state, which includes a truly random seed.
I can see two reasons for doing this:
You can create a reproducible random stream. For a given seed, the same results will be returned from consecutive calls to (the same) nextX methods.
If two instances of Random are created with the same seed, and the same sequence of method calls is made for each, they will generate and return identical sequences of numbers
You feel, for some reason, that your seed is of a higher quality than the default source (which I'm guessing is derived from the current time on your PC).
A specific seed will always give the same sequence of "pseudo-random" numbers. So there are only 2^48 different sequences in Random because setSeed only uses 48-bits of the seed parameter! Besides setSeed, one may also use a constructor with a seed (e.g. new Random(seed)).
When setSeed(seed) or new Random(seed) are not used, the Random() constructor sets the seed of the random number generator to a value very likely to be distinct from any other invocation of this constructor.
Java reference for the above information: https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Random.html
In the ordinary case, don't use a seed. Just use the empty constructor Random() and don't call setSeed. This way you'll likely get different pseudo-random numbers each time the class is constructed and invoked.
For data dependent debugging, where you want to repeat the same pseudo-random numbers, use a specific seed. In this case, use Random(seed) or setSeed(seed).
For non-security critical uses, there's no need to worry whether the specific seed/sequence might be recognized and subsequent numbers predicted, because of the large range of seeds. However, "Instances of java.util.Random are not cryptographically secure. Consider instead using SecureRandom to get a cryptographically secure pseudo-random number generator for use by security-sensitive applications." source
Several others have mentioned reproducibility. Reproducibility is at the heart of debugging, you need to be able to reproduce the circumstances in which the bug occurred.
Another important use of reproducibility is that you can play some statistical games to reduce the variability of some estimates. See Wikipedia's Variance Reduction article for more details, but the intuition is as follows. Suppose you're considering two different layouts for a bank or a grocery store. You can't build them both and see which works better, so you use simulation. You know from queueing theory that the size of lines and delays customers experience are partly due to the layout, but also partly due to the variation in arrival times, demand loads, etc, so you use randomness in your two models. If you run the models completely independently, and find that the lines are bigger in layout 1 than in layout 2, it might be because of the layout or it might be because layout 1 just happened to get more customers or a more demanding mix of transactions due to the luck of the draw. However, if both systems use the exact same set of customers arriving at the same times and having the same transaction demands, it's a "fairer" comparison. The differences you observe are more likely to be because of the layout. You can accomplish this by reproducing the randomness in both systems - use the same seeds, and synchronize so that the same random numbers are used for the same purpose in both systems.
I want to generate some random numbers for many Servlet requests.
The problem is if i use a new Random object in each servlet, the overall probability will be incorrect.
E.g. with around 10000+ reqeusts, i expect all random value should be evenly distributed within the range.
So why not use a global Random instance?
Or you can use ThreadLocalRandom which is faster. And it is kind of global because you cannot really create an instance of it. You can get an instance by calling ThreadLocalRandom.current(). In Java 7, it returns a per-thread instance. In Java 8, it is further optimized, it'll always return the same singleton.
It is a little bit complicated to get really random sequence using Random. Random is LCG-based with 2^48 period and you need to be very careful with seed. There is a way to generate single sequence using DataStore to keep your current value, but performance will be not very good because you will need to update value every time you generate new random number. It means that you will be able too reach 10-20 request/sec without memcahce and probably around 100 req/sec with memcache. Sharding will not be very helpful because you need to keep atomic seed value.
Algorithm will looks like:
Generate first Integer (to use long you will need additional processing. It is much simpler to generate int).
set seed = random <<< 16
Save seed to DataStore (do not forget about transaction)
On every next request (whole op should be in a single transcation):
4.1. Read seed from DataStore
4.2. Create new Random with your seed.
4.3. Generate new int.
4.4. Set seed = random <<< 16
4.5. Save seed to DataStore
Despite the weird title, I wish to ask a legitimate question: which method's generated numbers are more random: Java's Random() class or Math.random(), or C++'s rand()?
I've heard that PHP's rand() is quite bad, i.e. if you map its results you can clearly see a pattern; sadly, I don't know how to draw a map in C++ or Java.
Also, just out of interest, what about C#?
Both Java and C++ generate pseudo-random numbers which are either:
adequate to the task for anyone who isn't a statistician or cryptographer (a); or
woefully inadequate to those two classes of people.
In all honesty, unless you are in one of those classes, pseudo-random number generators are fine.
Java also has SecureRandom which purports to provide crypto-class non-determinism (I can't comment on the veracity of that argument) and C++ now has a much wider variety of random number generation capability than just rand() - see <random> for details.
Specific operating systems may provides sources of entropy for random number generators such as CryptGenRandom under Windows or reading /dev/random under Linux. Alternatively, you could add entropy by using random events such as user input timing.
(a) May actually contain traces of other job types that aren't statistician or cryptographer :-)
java.util.Random (which is used internally by Math.random()) uses a Linear congruential generator, which is a rather weak RNG, but enough for simple things. For important applications, one should use java.security.SecureRandom instead.
I don't think the C or C++ language specifications proscribe the algorithm to use for rand() but most implementations use a LCG as well. C++11 has added new APIs that yield higher-quality randomness.
There is a very good document that can be found on the web, done by one of the worldwide experts in random number generators.
Here is the document
The first part of the document is a description of the tests, which you might skip unless your really interested. From page 27, there are the results of the different tests for many generators, including Java, C++, Matlab, Mathematica, Excel, Boost,... (They are described in the text).
It seems that the generator of Java is a bit better, but both are not among the best in the world. The MT19937 from C++11 is already much better.
PHP uses a seed. If the seed is the same at two different times, the rand() function will ALWAYS output the same thing. (Which can be quite bad for tokens for example).
I don't know for C++ and Java, but there's no true randomness, which makes quality difficult to evaluate. Security musn't rely on such functions.
I'm not aware of any language where random numbers are truly random - I'm sure such a thing exists, but generally, it's "You stick a seed in, and you get the sequence that seed gives". Which is fine if you want to make a simple 'shootem-up' game, basic poker-game, roulette simulator for home use, etc. But if you have money relying on the game being truly random (e.g., you are giving out money based on the results of certain sequences) or your secret files are relying on your random numbers, then you will definitely need some other mechanism for finding random numbers.
And there are some "true" random number generators around. They do not provide a seed, so predictability based on what number(s) you got last time is low. I'm not saying it's zero, because I'm not sure you can get that even from sampling radio waves at an unused radio frequency, radioactive decay or whatever the latest method of genearing true random numbers is.