Random number generation, simple question.

Mitchell Morris mmorris at mindspring.com
Mon Jul 3 12:41:54 EDT 2000


kalle at gnupung.net (Kalle Svensson) wrote in 
<Pine.GSO.4.21.0007031546410.25965-100000 at luna.dsv.su.se>:

>Hello.
>
>I have a few questions about the (pseudo) random number generator supplied
>in the standard library. I need 80 random bits (for a CipherSaber IV) but
>I hear most RNG's only supply 32 bits or less. My questions are:
>
> * How many random bits does whrandom.random() generate?

I don't have the references from whrandom handy, but (a) I can flip through 
my Knuth book (flip, flip, flip) to see that there are several constants by 
which you can get an LCM to generate 2^32 values each of which could be 32 
bits long, and (b) Wichmann-Hill is rather more advanced than an LCM, so 32
*2^32 should be considered a reasonable lower limit. Since you only need 80 
or so, you should be okay.



> * Suppose I do a loop where I get a byte at a time and then re-seed the
>   generator either with random numbers from the generator or with values
>   from time. Will that improve the randomness?

The short answer is (a) no, that won't actually improve anything, and (b) 
it would be overkill anyway. All you need to do is:
>>> import random
>>> session_key = []
>>> for i in range(10):
...     session_key.append(random.randint(0, 255))
and go about your business normally.

The long answer is you can't generate randomness from nothing, which is 
what you're trying to do by reseeding your generator with output from your 
generator. If you really need more entropy, you need to find it somewhere 
else, perhaps by measuring some physical properties. To answer your next 
question, this is what /dev/random does ... it distills single bits of 
entropy by measuring a sheaf of physical properties as the system runs, 
then mixes them with the bits it already has, and doles them out to you 
when asked.

There is a discussion about both of these in the design of Yarrow 
(http://www.counterpane.com/yarrow-notes.html) which may be of interest to 
you if you're looking to further your knowledge of your ignorance of 
generating pseudo-random numbers.



> * Are there better alternatives? I understand I could read from
>   /dev/random on Linux, but this isn't portable, and even though I only
>   use GNU/Linux myself, I have friends who don't. If anyone can tip me
>   off about a similar feature in Win32, I could just detect platform and
>   use the appropriate function, of course. I don't think I have to care
>   about Macs or other *NIX dialects. Phew... :)
>
>Hope I'm making sense even though I hardly understand what I'm talking
>about... :)
>
>TIA,
>  Kalle Svensson

It's been a while since I looked at CipherSaber, but as I recall you only 
need entropy for the session key. You will probably find that almost any 
silly stupid PRNG will suffice for that, and most operating systems will 
provide you a silly stupid one.

My knee-jerk response is don't use rand()/srand() if random()/srandom() are 
available. I suspect, and this is completely without analysis, that 
whrandom.random() will be more than enough for this exercise.

If human lives are at stake, however, you really should try to educate 
yourself further so you can make your own analysis of the risks involved.

HTH. HAND.
+Mitchell
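To illustrate the "long answer" above (re-seeding a generator from its own output adds no entropy) and the /dev/random versus Win32 portability question, here is an added example in modern Python; it is not code from the original thread. It assumes Python 3.6 or later for the standard-library `secrets` module, which did not exist when this was written.

```python
import random
import secrets

KEY_BYTES = 10  # 80 bits, the CipherSaber IV size asked about in the thread


def reseeded_key(seed, n=KEY_BYTES):
    """Build a key one byte at a time, re-seeding the PRNG from its own
    output after every byte: the scheme the original question proposes."""
    rng = random.Random(seed)  # every later value derives from this seed
    key = bytearray()
    for _ in range(n):
        key.append(rng.randint(0, 255))
        # The "fresh" seed is computed from the old state, so no entropy
        # enters: the whole key is still a function of the initial seed.
        rng.seed(rng.getrandbits(32))
    return bytes(key)


def plain_key(seed, n=KEY_BYTES):
    """The simple loop from the reply above, without any re-seeding."""
    rng = random.Random(seed)
    return bytes(rng.randint(0, 255) for _ in range(n))


def distinct_keys(seeds, keyfunc=reseeded_key):
    """Count how many different keys a set of seeds can produce. With 2**k
    possible seeds there are at most 2**k keys, however many bytes are
    drawn and however often the generator is re-seeded along the way."""
    return len({keyfunc(s) for s in seeds})


def os_session_key(n=KEY_BYTES):
    """Portable answer to the /dev/random vs Win32 question: secrets draws
    from the operating system's CSPRNG (/dev/urandom on Linux, the Windows
    crypto API on Win32), so no platform detection is needed."""
    return secrets.token_bytes(n)


if __name__ == "__main__":
    # Same seed in, same 80-bit key out, re-seeding notwithstanding.
    print(reseeded_key(2000) == reseeded_key(2000))
    # An 8-bit seed space can never yield more than 256 distinct keys.
    print(distinct_keys(range(256)), distinct_keys(range(256), plain_key))
    print(os_session_key().hex())
```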


