Re: How to generate a random number?
On Thu, 4 Oct 2001, Alan Shutko wrote:
> "Jeffrey W. Baker" <jwbaker@acm.org> writes:
>
> > That is an extraordinarily bad idea. Any person will be able to guess the
> > sequence of random numbers simply by guessing the time at which your
> > program was started.
>
> And the impact of this depends on what the program is used for. If
> you're seeding the RNG for a crypto program, yes, this is bad. If
> you're seeding the RNG for a random sig generator, who cares? Why use
> up entropy for programs which don't need it?
Right, but those conditions weren't explained in the original advice to
use srand(time()). When someone asks "How do I generate a random number"
I think it's a lot safer to advise /dev/random than time().
In either case I would hope that critical software isn't being written by
people who don't even know how to generate random numbers.
-jwb
Reply to: