It is more difficult to pay attention when the view keeps changing every 10 seconds, so maybe just one camera is better. Loved the content of the video though!
Given a sequence of pseudo random numbers (no gaps) you can use a logic solver like z3 to calculate the internal pRNG state, allowing you to predict future outputs. This even works when the generated numbers are not directly used but truncated in some way (e.g. conversion to hex/base64 representation and cutoff). This just increases compute time for the logic solver.
@@LowLevelTV We had a practical part in our university's cyber security coursework that consisted of a wide range of CTFs. One of them was a JS web application that used the v8 engine's Math.random() function and derived passwords from the generated float. It also had a password reset button with no real rate limit. Rough exploit outline: 1. Reset your own password n times in a row 2. Reset the admin password a single time (you don't get the mail of course) 3. plug the n passwords into your exploit code and calculate the internal state 4. Derive the n+1th password and access the admin account
@@31redorange08 you say that, but I've seen websites that do this. sure any self respecting website would not generate you a password on reset, but its 100% a thing
While we should always use a secure RNG function for code that demands security, there is still a use for pseudorandom numbers! A known seed is nice to debug things in games, where it is expected to be infeasible for players to predict the outcome, but something reproducible just by providing a seed and replay would help. We use it for races in randomizer hacks and Minecraft so that the players can't predict what the game state will be, but can vet it independently and make sure all participants are playing the same game.
A known seed can also be used in games that need determinism (say, for input-based replays, multiplayer, or memorizable enemy movement/attack patterns) but also want to implement something "seemingly random". For example a wander seeking behavior that always follows the same path: it benefits from the RNG for generating an irregular path, but with the same seed you can rely on it always being the same. If you need determinism but also unpredictability, you can also use an often-changing element of game state as the seed. For example player position.
@@ishashka But with player position people will eventually figure it out and make strats like standing in a specific spot and predicting where something might spawn/move to
@@TheS1l3ntOne not really. If the position is different even by one pixel/thousanth of an inch/whatever, the seed will be different and so the rng will output a drastically different value. You'd have to be inhumanly precise for that to work. But if that's not enough, you can always do something like position plus current time in microseconds or something. And depending on the game, there's other options.
@@kacperkonieczny7333 good point. But that was only an example, there are other more game-specific parameters you can use. For example, in a shmup I'm making score is such a chaotic value. Because the scoring system is quite complex, it's basically impossible to aim for an exact value.
@@kevinthompson5632 i didn´t ellaborate an opinion, just before seing the video said that cause lots of persons think that all "rand" generates really random numbers
My favorite computing thread to pull on here is: - LCGs are great, so the ease of implementation makes it a good teaching method ("write your own") - LCGs can be put into a tree-like structure. This is useful in parallel computing (where one random seed creates the seeds for 10 different threads), but a more fun example might be generating procedural plants in a video game: Say you use the seed to create 1000 randomly generated plants, each using 10 random number calls each, and you are trying to store as little data as possible (so, at the start it's just the seed). Now you want to modify the 10th plant, but in doing so you've used 11 random number calls. Now the first 9 plants are the same, the 10th has been modified, but the other 990 are all modified too because the random numbers requested have all been shifted by 1! If instead you use an LCG tree, you can basically make the RNG state local to each object instead of global to the whole program. - I might be getting this story slightly wrong, but Bell Labs made a special purpose computer back in the 80's to simulate a particular physical system (the spin glass), but they built in a linear shift register RNG into the hardware. They still got useful results from the computer, but the poor quality RNG made the results pretty bad! So their promising hopes and dreams of scaling up the special purpose computer were dashed. But I need to check my primary sources here, I believe the machine I'm thinking of is described in "Fast special purpose computer for Monte Carlo simulations in statistical physics" and they do actually describe an RNG algorithm in that paper.
I think people often think of pseudo random numbers as somehow "worse", when really nine times out of ten they're more useful than actual random numbers (so long as they're "good" enough for the application). That bell labs part makes me curious, couldn't they use the hardware LCG and compose it with a software shift generator or something like that? You should be able to build a good enough generator with that I think?
@@user-sl6gn1ss8p Yeah I've spent a few more minutes looking at papers related to this; I think the specific machine I'm thinking of was made in UC Santa Barbara, not Bell Labs. I'll come back and post an update to this comment if I figure out the full story. Until then, don't take my word for it! But generally there have been a few missteps with bad use of RNG in statistical physics simulation. I did find the following quote: "we note that no new scientific results were obtained using computers in Delft and Santa Barbara. Significant results were obtained using a computer built at Bell Laboratories" from the paper "Special Purpose Computers for Statistical Physics: achievements and lessons"
Great video. However, it is also worth mentioning that many modern microcontrollers have TRNGs (true random number generators). These are based on things like static, noise in semiconductors, etc. I would love to see your take on these.
Most code initializes the seed with the timer only once. If you get a sequence of pseudo-random numbers you can solve these modular equations and recover the seed. Once you know the seed you know the whole sequence.
Assuming you have access and 'good enough' resolution of your processor's temperature reading, I think you can combine time + temp read for your seed value :D
I just wanna say that this video and "Why rust is being used for evil" are putting us in infinite loop if we follow that recommended video. :D good vids!
I mistakenly assumed the newer random() implementations read from the system random number source device. In Java, I ran into some issues with performance because in Java they did reach out to the device in AIX and Linux and had performance differences.
I see where you're coming from, but that would actually be a bad idea, and absolutely break many applications - PRNs are not "worse" random numbers, their "pseudoness" actually comes with benefits. Say you want to load a previous state from an application and make sure it will run the same way as the last time. If it uses entropic randomness, that's not possible. With PRNs, all you have to do is save the seed. Same idea to recreate procedurally generated content. It also makes testing WAY easier. Also, I would never expect C (or C++ for that matter) to change the inner workings of a standard library function like that, since it breaks both behavior and, as you noted, can be much slower. It would also be way less portable.
@@user-sl6gn1ss8p TBF your point about "entropic" (i.e. true) randomness is false; you can just as well store the truly random seed for future reference.
@@erikkonstas sure, if you use a PRNG with an "entropic" seed and save it, that's fine, same as saving any other seed, but he said he assumed random() read from the system random number source device, so that wouldn't work. I was also comparing PRNs to "true randomness" - if you use "true randomness" directly (not as a seed you can save), then you do loose the predictability of PRNGs
Since your channel is called "Low Level Learning", I would have expected you to talk about true random number instructions like rdrand 😅 and a sample where you use it.
~ 0:30 - You seem to believe (probably correctly) that most of your viewers don't read the first few sentences of tha manual page. This is from man(3) page fro glibc implementation: "The rand() function returns a pseudo-random integer in the range 0 to RAND_MAX inclusive (i.e., the mathematical range [0, RAND_MAX]). The srand() function sets its argument as the seed for a new sequence of pseudo-random integers to be returned by rand(). These sequences are repeatable by calling srand() with the same seed value. If no seed value is provided, the rand() function is automatically seeded with a value of 1." Pretty clear, isn't it?
It's probably worth noting that using rand is fine in most contexts. it wasn't designed for use in cryptography in the first place, it's more meant to be a fast and simple algorithm for generating random numbers in contexts where the predictability of the algorithm matters very little. In the same way that you shouldn't use rand in cryptography, you shouldn't be scared of using it in a context where it's of no concern.
> you shouldn't be scared of using it in a context where it's of no concern. You definitely should. Especially when doing simulations using rand() can seriously screw up your results. Also keep in mind that the period of rand can be incredibly low. IIRC on windows, rand() repeats after 2^16 calls.
I thought it was common knowledge that rand() isn't actually a true RNG and it must be initialised with a seed like the current timestamp each time it's used, no?
You can actually combine a standard PRNG and a either a cryptographic hash function or a block cipher to make a (admittedly fairly simple and not too secure) CSPRNG. Just either hash the output of your RRNG or encrypt it using a randomly generated key to get a cryptographically secure random number
I was looking lately about using random numbers in x86 assembly and I came across two instructions, rdrand and rdseed. Since rdseed actually generates 100% random numbers and rdrand generates numbers with an algorithm that is not 100% random, but it uses rdseed to calculate these values, so it is relatively more random than using the computer team (I think at least 😀)
Rdseed is very fast and will produce a true random number from a dedicated entropy source inside the intel cpu. Intel also provides a c library for this. Not sure why so few of these videos about random numbers don't know about this.
I enjoyed this video on the use of rand() and RNG (Random Number Generation) in coding! It's fascinating to see how these techniques can be applied in various scenarios, from simple games to complex simulations. The explanation of different RNG algorithms and their strengths and weaknesses was particularly informative. It's always great to be reminded of the importance of high-quality randomness for security and statistical applications. Thanks for sharing this educational content!
@@comradepeter87 Yeah, I've seen this same sentence structure at least hundred of times. They usually start with "I really enjoyed this video" or "I really learned a lot from this video" etc etc. Then they write some things in tech jargon, and end their comments with thanks. They're all AI. I often see them under tech youtubers' videos. Who even writes RNG (Random Number Generation) like this with long form in parantheses and correct capitalization 😀 Read other comments everyone except this account wrote RNG and that was enough.
I am pretty certain that it is common knowledge among people who studied engineering in the last decades and had to use tools like MATLAB that there is no such thing as truly random values when compiled binaries and interpreters give those. I don't know all the details though, just that values are read which differ in time so the kind of random time at which the user starts some function determines those values and that way pseudorandom numbers are generated.
I've had good results using the Mersenne prime 2^31 - 1 range since it fits into a 32 bit word easily. Stochastic seeding and re-seeding tables can be generated in real time. Also there lots of public domain tests for uniformity - NIST has a few good ones.
The reason why you got same random generated number at start of the video is because you system allocated same piece of memory for your program every time you ran it since there wasn't that much things going on in background. If you kept running it again and again for 10-30 seconds you would eventually get different random number, also repeating for some time. Actually figured this one out years ago at university when we were making some random project and couldn't figure out why random function always returned same number.
if you plot a graph of number x next_number from a simple LCG, you can actually see "lines' of dots, in different directions. The slopes of these lines can be used to calculate a, c and m. For rand() (which may have RAND_MAX = 2^15 - 1), you could probably actually do this by hand (like, measuring the lines by hand), if you have a long enough sequence (I want to say maybe like 200 numbers if you know what to look for, but don't quote me on that). So yeah, once you have that and a single number, you have all the rest.
A little trick if you're programming on NES or Game Boy or some other retro platform with no operating system or real time clock. Since you don't care about "unsafe code" or "computer security" when programming these things, one way is to take a checksum of uninitialized RAM as the console boots up. On real hardware this isn't pseudo-random so you can use it to seed a pseudo random number generator of your own creation. (I often use a combination of XOR and bit shifting since it makes "nearby" seeds produce vastly different outcomes. A lot of old games would also use the player's input to obfuscate the RNG patterns as well
3:03 Mistake: you are not seeding the RNG with the nanosecond time, you are seeding it with the address of the nanosecond time, if you turned off address space layout randomization it would have produced the same values every time.
The other problem is that libc's rand() may have different implementations across platforms and architectures, so it does not necessarily return the same value with the same seed.
I sincerely hope that there are zero programmers out there relying on the predictability and consistency of a random number generators output across operating systems... It makes sense for a random number generator to have undefined output... this can hardly be called a problem.
@@minneelyyyy it would matter if you're using a random number generator with a specific seed in automated testing. Different output would mean the test would fail on a different operating system.
@@minneelyyyy A very common place where you want this is in game developing. Procedurally generated content needs to be uniform across platforms, like the world generation using seeds in Minecraft, it needs to be consistent in every machine.
So, according to quantum mechanics, a truly random phenomenon is the decay of a radioactive isotope, specifically: it is impossible to predict when a particular atom will decay, regardless of how long the atom has existed. So lets write a device driver for radioactive materials, and this driver will use them to generate true random numbers. I think we should place this device under /dev/uranium, as a small nod to /dev/urandom :)
There's a great talk about `rand` by Stephan Lavavej called "rand() considered harmful" that goes in-depth as to why rand is such a horrible function, and then he talks about the C++ alternatives.
I mean, in this case it's secure if it's reasonably unpredictable. You can't reasonably predict random noise from high-energy particles from space passing through a detector or lava lamp fluctuations recorded on camera; however you can predict next number spilled out by rand() if you know few previous.
I always thought that there is no standardized rand() function in the stdlib library. This is why the sequence, given a fixed seed, isn’t identical between platforms. Who knows what the compiler builders of a platform used for its implementation. Most likely a pseudo number generator as you mentioned. But perhaps on some other platform they decided to use the TRNG capabilities a lot of CPUs have for generating numbers.
It's not just cryptography. In my thesis I needed random numbers, I used the rand function (c++ but i think I used the c function) and the results were terrible. So I either had a logic bug in my code, I disproved years of research going back to the early 80s or my numbers weren't very random. Apparently there are levels of randomness for any pseudorandom generator and this wasn't good enough. I implement a Merssenne teister andI started getting proper results.
Where i used to work, we needed a good RNG for a project. To make sure that rand returned a true random number, i used the raw binary snapshot of a heat sensor, convert it to decimal and multiply by time(). Voila! Untraceable, unique true random seed from the chaos of our universe.
@@dynad00d15 Gotcha. I just mention it because a ton of people for reason still believe that computers don’t have a way to generate true random numbers without specialized hardware
@@Christopher876 that's because they can't. but they can they can generate good enough ones for most cases. besides, what "true random number" even means...
This lrobably isn't a good idea, because the loop in which you use the RNG takes roughly same time, resulting in lower variance in the seeds which gives you few values, instead of using the generator to generate random numbers on its own as theyre usually evenly distributed
Often the value is read from a clock that ticks much less often, so the resolution is coarser. Example: a millisecond clock delivers 1000 different nanosecond values only. Also if you call more often, each value returned will be the same until the next millisecond.
It's good to introduce CSPRNGs to people, but unless you're performing something that needs to be secure (in which case you should only and exclusively use 3rd party vetted libraries), you really don't need to use that. Seeding the default PRNG is fine for anything that doesn't require crypto security like a game or to just randomly select something in a group. In fact, CSPRNGs might be bad for a game since they are very heavy operations that require entropy pools, which can slow down a real time rendered game.
Hardware makes randomness pretty good. Need hardware module to measure entropy in the environment. Hmm.... What if you could get entropy based on the weather report, direction or the wind, or I dunno just put an antenna that listens to static?
Every random thing is random only because we don't know the factors and sources of where it generates from. The question is how well can we mask that and how complicated can we make the sequence. I've heard XOR is a pretty nice tool for crypting, is this true?
XOR is perfect if you have an uncompromised, truly random one-time pad cipher. While randomness can be guaranteed with a pair of dice and a few easy operations on paper, the "uncompromised" feature requires extensive physical security.
In the deterministic system we live in, nothing is truly random. A lack of knowledge about initial conditions doesn’t equal randomness, it’s rather random to the ignorant mind.
by watching this i had other question , i know it a little odd idea but how to generate secure random number without using external liblaries used for that ?
TBF the concept of something being "external" or "third-party" is a human construct; the machine cannot understand that something was not written by your hands. Now, your question has 2 branches: do you just want something that's cryptographically secure, or true randomness? If you are satisfied by a CSPRNG, then you can either write your own code to implement such an algorithm (note: *do not try to invent the algorithm* ), or just use an external library that provides an implementation for you (as I said before, it's just as though you wrote it, bar licensing nuances). However, if you want true randomness from an outside source, you will unfortunately have to interface with the hardware, which cannot be done portably (there are ways to make it easier to port code to other platforms though).
LLL: *Talking about how RNG is not really RNG* Me: “Not random enough for you? Just grab the memory address of some variable, preferably a local one. Bonus points if it’s a variable that’s been dereferenced.” :)
Sorry i am not even a programmer, just know the basics(and haven't touch any for more than a decade), but what happens if you put rand() inside a rand() like this rand(rand(rand(rand(rand())))) and so on so on, does it even take an argument anyway?
At this point in life, I associate "random" number generators with (random) hash functions. PRNGs have a "state", which gets scrambled by the algorithm, and it has to be deterministic. A hash function in this case is a decoupling of "state scrambling" function. There are many advantages of your randomness being predictable (procedural generation in games), nothing wrong with that. If you want your "random" be "secure" (uncrackable), you want to look into cryptographic hashes/PRNGs, for example, permuted (linear) congruential generators (PCGs).
One thing to be careful of though is that you can't just take any good PRNG and try to repurpose it as a "good" hash function over the state. But using a good hash function over a counter will always result in a good PRNG (per definition of a good hash function)
Yeah they taught that in the first 4 weeks of CS in college. When we utilized random numbers in C we used time to adjust the pre determined values like this: " srand(time(0));". Very basic concept.
~ 4:00 - And here, when you reach interesting stuff, you just commence some hand-waving and call it a day. Do you _understand_ what those cryptographically secure functions actually do?
If you use the internal clock and devide by the new clock time to generate the first seed you will geneerate a distribution that is almost perfect and use a different starting seed every time. Althoe this is not a true random number its close enough for anything you want to do.
Nitpicking here, but the distribution wouldn't be perfect since in LCGs the Xn and Xn+1 are correlated. It would fail some statistical randomness tests and could be reverse-engendered to get all parameters of the generator given a few consecutive values.
First I will have a list of Alphabet both capital as lower case then I will create a function that shuffle them then I will get their char code at random index because they are in Map or Array which based on preference. So after that I will multiply that number with an Library from math then take the random mod and plus it with another random number then take the division with another random number and plus everything together... That how You build random number generator.. Securely Secure 🔐
Just use the random library of C++ if you code in C++. It makes me sad when people use rand in C++ code. Like it's necessary to write code in the 80s style.
There is no correct use of rand(), because almost all implementations use a incredibly weak PRNG to implement it. It's also very slow in comparison to way higher quality PRNGs.
@@Nerthexx There are high quality PRNGs, like the romu family, that are even faster than the lcg rand implementation shown in the video This is due to fewer dependencies between states. RomuDuoJr e.g. just costs the throughput of a single multiplication but packs a lot of other mixing operations that are executed while the costly multiply happens into the CPU pipeline. Meanwhile, the lcg needs to wait for the multiply to complete before doing the addition. In practice however `rand()` is even slower, because no libc implementation I know of offers an inline definition of `rand()`, so you always pay for the indirection.
these two derive from their randomness from outside influence (e.g. the time when a packet reaches your network card) they are also cryptographically secure, although /dev/random is a bit more secure but has the downside that the time it needs to generate you a number is indefinite (aka, it can take A LONG time, maybe even literal hours if you are unlucky)
There is/was a holy war between random vs urandom. In most cases urandom is preferable, because the entropy is not something that is "used up" by generating random numbers. /dev/random is useful in atypical situations: during boot, on machines without network and IO, because these are the situations when kernel didn't observe enough pseudorandom events to fill the pool.
I mean, I guess this video was alright but considering your channel is called "Low Level Learning" I was really hoping you'd shed light on the x86 RDRAND and RDSEED instructions, where RDSEED is a true random number generator that's driven off a hardware noise source.
After hearing the examples of random numbers; I don't have any idea whatsoever as to how to represent a true random number, in the sense that the number is spontaneous and unable to be modeled under sufficiently detailed study. God and the human power of faith can produce it though, so I will pray to God for un-crackable encryption, and get back His random answer to the problem!
teehee I got a little excited with my second camera. 😇 THANKS FOR WATHCING
It is more difficult to pay attention when the view keeps changing every 10 seconds, so maybe just one camera is better. Loved the content of the video though!
I see you’ve gotten into the Billionaire hairstyle. trying to meme that life into existence?
What RNG did you use for switching between cameras?
Yeah the 2nd camera is not synced quite as well as the main cam, pretty distracting to keep jumping between synced and unsynced audio.
Too many camera switching for my ADHD brain ;(
Please make it stop 😢
Given a sequence of pseudo random numbers (no gaps) you can use a logic solver like z3 to calculate the internal pRNG state, allowing you to predict future outputs.
This even works when the generated numbers are not directly used but truncated in some way (e.g. conversion to hex/base64 representation and cutoff). This just increases compute time for the logic solver.
oooo that sounds like a fun project.
@@LowLevelTV We had a practical part in our university's cyber security coursework that consisted of a wide range of CTFs.
One of them was a JS web application that used the v8 engine's Math.random() function and derived passwords from the generated float. It also had a password reset button with no real rate limit.
Rough exploit outline:
1. Reset your own password n times in a row
2. Reset the admin password a single time (you don't get the mail of course)
3. plug the n passwords into your exploit code and calculate the internal state
4. Derive the n+1th password and access the admin account
@@31redorange08 Do you not know what CTF is
@@31redorange08 you say that, but I've seen websites that do this. sure any self respecting website would not generate you a password on reset, but its 100% a thing
TUM?
While we should always use a secure RNG function for code that demands security, there is still a use for pseudorandom numbers! A known seed is nice to debug things in games, where it is expected to be infeasible for players to predict the outcome, but something reproducible just by providing a seed and replay would help. We use it for races in randomizer hacks and Minecraft so that the players can't predict what the game state will be, but can vet it independently and make sure all participants are playing the same game.
A known seed can also be used in games that need determinism (say, for input-based replays, multiplayer, or memorizable enemy movement/attack patterns) but also want to implement something "seemingly random". For example a wander seeking behavior that always follows the same path: it benefits from the RNG for generating an irregular path, but with the same seed you can rely on it always being the same.
If you need determinism but also unpredictability, you can also use an often-changing element of game state as the seed. For example player position.
@@ishashka But with player position people will eventually figure it out and make strats like standing in a specific spot and predicting where something might spawn/move to
@@TheS1l3ntOne not really. If the position is different even by one pixel/thousanth of an inch/whatever, the seed will be different and so the rng will output a drastically different value. You'd have to be inhumanly precise for that to work. But if that's not enough, you can always do something like position plus current time in microseconds or something. And depending on the game, there's other options.
@@ishashka or go stand next to a wall or a corner
@@kacperkonieczny7333 good point. But that was only an example, there are other more game-specific parameters you can use. For example, in a shmup I'm making score is such a chaotic value. Because the scoring system is quite complex, it's basically impossible to aim for an exact value.
PSEUDOrandom, that prefix is important
true.
I thought everyone knew rand wasn't actually random
Look at me Héctor
@@CrusiobTV i've been looking at you during the last 43 minutes
@@kevinthompson5632 i didn´t ellaborate an opinion, just before seing the video said that cause lots of persons think that all "rand" generates really random numbers
My favorite computing thread to pull on here is:
- LCGs are great, so the ease of implementation makes it a good teaching method ("write your own")
- LCGs can be put into a tree-like structure. This is useful in parallel computing (where one random seed creates the seeds for 10 different threads), but a more fun example might be generating procedural plants in a video game: Say you use the seed to create 1000 randomly generated plants, each using 10 random number calls each, and you are trying to store as little data as possible (so, at the start it's just the seed). Now you want to modify the 10th plant, but in doing so you've used 11 random number calls. Now the first 9 plants are the same, the 10th has been modified, but the other 990 are all modified too because the random numbers requested have all been shifted by 1! If instead you use an LCG tree, you can basically make the RNG state local to each object instead of global to the whole program.
- I might be getting this story slightly wrong, but Bell Labs made a special purpose computer back in the 80's to simulate a particular physical system (the spin glass), but they built in a linear shift register RNG into the hardware. They still got useful results from the computer, but the poor quality RNG made the results pretty bad! So their promising hopes and dreams of scaling up the special purpose computer were dashed. But I need to check my primary sources here, I believe the machine I'm thinking of is described in "Fast special purpose computer for Monte Carlo simulations in statistical physics" and they do actually describe an RNG algorithm in that paper.
I think people often think of pseudo random numbers as somehow "worse", when really nine times out of ten they're more useful than actual random numbers (so long as they're "good" enough for the application).
That bell labs part makes me curious, couldn't they use the hardware LCG and compose it with a software shift generator or something like that? You should be able to build a good enough generator with that I think?
@@user-sl6gn1ss8p Yeah I've spent a few more minutes looking at papers related to this; I think the specific machine I'm thinking of was made in UC Santa Barbara, not Bell Labs. I'll come back and post an update to this comment if I figure out the full story. Until then, don't take my word for it! But generally there have been a few missteps with bad use of RNG in statistical physics simulation.
I did find the following quote: "we note that no new scientific results were obtained using computers in Delft and Santa Barbara. Significant results were obtained using a computer built at Bell Laboratories" from the paper "Special Purpose Computers for Statistical Physics: achievements and lessons"
@@davidmoore5846 that paper sounds interesting, I'll look it up. Thanks for the pointer : )
Great video. However, it is also worth mentioning that many modern microcontrollers have TRNGs (true random number generators). These are based on things like static, noise in semiconductors, etc. I would love to see your take on these.
My favorite seed for rand() is 42. When you use that seed it returns a string that says "The answer to life, the universe and everything".
hitchhikers
no it doesn't
casual gaslighting 😃👍
@@ゾカリクゾ Apparently you and two others don't read books and/or have no sense of humor. Thanks for reaffirming my disdain for humanity in general.
@@anon_y_mousse @anon_y_mousse lmao sorry for not reading your dog shit fantasy book
Ehh I’m not too worried about the cryptographic security of the shuffle function in my music player app lol
Most code initializes the seed with the timer only once. If you get a sequence of pseudo-random numbers you can solve these modular equations and recover the seed. Once you know the seed you know the whole sequence.
Use a noise diode gated into a counter, and make the gate time random by means of another noise diode. You can't get more random than that.
Assuming you have access and 'good enough' resolution of your processor's temperature reading, I think you can combine time + temp read for your seed value :D
This video's topic was so random 🥁
you had me in the first half
This channel is really becoming my new favorite, your videos are great!
Glad you enjoy it!
I learned this the hard way when using it for an MPI application, getting the same number on different processes running in parallel 😂
Really good video explaining the foundations of why such customary stuff is written
I just wanna say that this video and "Why rust is being used for evil" are putting us in infinite loop if we follow that recommended video. :D good vids!
fixed thank you! :D
I mistakenly assumed the newer random() implementations read from the system random number source device. In Java, I ran into some issues with performance because in Java they did reach out to the device in AIX and Linux and had performance differences.
I see where you're coming from, but that would actually be a bad idea, and absolutely break many applications - PRNs are not "worse" random numbers, their "pseudoness" actually comes with benefits.
Say you want to load a previous state from an application and make sure it will run the same way as the last time. If it uses entropic randomness, that's not possible. With PRNs, all you have to do is save the seed. Same idea to recreate procedurally generated content. It also makes testing WAY easier.
Also, I would never expect C (or C++ for that matter) to change the inner workings of a standard library function like that, since it breaks both behavior and, as you noted, can be much slower. It would also be way less portable.
@@user-sl6gn1ss8p Thank you. It is an interesting set of use cases -- and I had not thought of that angle.
@@user-sl6gn1ss8p TBF your point about "entropic" (i.e. true) randomness is false; you can just as well store the truly random seed for future reference.
@@erikkonstas sure, if you use a PRNG with an "entropic" seed and save it, that's fine, same as saving any other seed, but he said he assumed random() read from the system random number source device, so that wouldn't work.
I was also comparing PRNs to "true randomness" - if you use "true randomness" directly (not as a seed you can save), then you do loose the predictability of PRNGs
Since your channel is called "Low Level Learning", I would have expected you to talk about true random number instructions like rdrand 😅 and a sample where you use it.
~ 0:30 - You seem to believe (probably correctly) that most of your viewers don't read the first few sentences of tha manual page. This is from man(3) page fro glibc implementation:
"The rand() function returns a pseudo-random integer in the range 0 to RAND_MAX inclusive (i.e., the mathematical range [0, RAND_MAX]).
The srand() function sets its argument as the seed for a new sequence of pseudo-random integers to be returned by rand(). These sequences are repeatable by calling srand() with the same seed value.
If no seed value is provided, the rand() function is automatically seeded with a value of 1."
Pretty clear, isn't it?
It's probably worth noting that using rand is fine in most contexts. it wasn't designed for use in cryptography in the first place, it's more meant to be a fast and simple algorithm for generating random numbers in contexts where the predictability of the algorithm matters very little. In the same way that you shouldn't use rand in cryptography, you shouldn't be scared of using it in a context where it's of no concern.
you should still seed it with a value tho
> you shouldn't be scared of using it in a context where it's of no concern.
You definitely should. Especially when doing simulations using rand() can seriously screw up your results. Also keep in mind that the period of rand can be incredibly low. IIRC on windows, rand() repeats after 2^16 calls.
I thought it was common knowledge that rand() isn't actually a true RNG and it must be initialised with a seed like the current timestamp each time it's used, no?
Except even using the current timestamp isn't actually true RNG so the video is actually useful.
You can actually combine a standard PRNG and a either a cryptographic hash function or a block cipher to make a (admittedly fairly simple and not too secure) CSPRNG. Just either hash the output of your RRNG or encrypt it using a randomly generated key to get a cryptographically secure random number
I was looking lately about using random numbers in x86 assembly and I came across two instructions, rdrand and rdseed. Since rdseed actually generates 100% random numbers and rdrand generates numbers with an algorithm that is not 100% random, but it uses rdseed to calculate these values, so it is relatively more random than using the computer team (I think at least 😀)
Rdseed is very fast and will produce a true random number from a dedicated entropy source inside the intel cpu. Intel also provides a c library for this. Not sure why so few of these videos about random numbers don't know about this.
I enjoyed this video on the use of rand() and RNG (Random Number Generation) in coding! It's fascinating to see how these techniques can be applied in various scenarios, from simple games to complex simulations. The explanation of different RNG algorithms and their strengths and weaknesses was particularly informative. It's always great to be reminded of the importance of high-quality randomness for security and statistical applications. Thanks for sharing this educational content!
Glad it was helpful!
Not to be a negative Nancy nd ruin the wholesome atmosphere, but this comment sounds so AI generated.
@@comradepeter87 Thought the same. 95.7% probability.
Yup, really looks AI generated
@@comradepeter87 Yeah, I've seen this same sentence structure at least hundred of times. They usually start with "I really enjoyed this video" or "I really learned a lot from this video" etc etc. Then they write some things in tech jargon, and end their comments with thanks. They're all AI. I often see them under tech youtubers' videos. Who even writes RNG (Random Number Generation) like this with long form in parantheses and correct capitalization 😀 Read other comments everyone except this account wrote RNG and that was enough.
I am pretty certain that it is common knowledge among people who studied engineering in the last decades and had to use tools like MATLAB that there is no such thing as truly random values when compiled binaries and interpreters give those. I don't know all the details though, just that values are read which differ in time so the kind of random time at which the user starts some function determines those values and that way pseudorandom numbers are generated.
I've had good results using the Mersenne prime 2^31 - 1 range since it fits into a 32 bit word easily. Stochastic seeding and re-seeding tables can be generated in real time. Also there lots of public domain tests for uniformity - NIST has a few good ones.
The reason why you got same random generated number at start of the video is because you system allocated same piece of memory for your program every time you ran it since there wasn't that much things going on in background. If you kept running it again and again for 10-30 seconds you would eventually get different random number, also repeating for some time. Actually figured this one out years ago at university when we were making some random project and couldn't figure out why random function always returned same number.
Well, should I suggest getting enough random number for 256 bits, then run SHA-256 on it? That might obscure it a little more...
Something felt weird about this video, compared to your other ones. Did you use an AI to generate the script or something?
if you plot a graph of number x next_number from a simple LCG, you can actually see "lines' of dots, in different directions. The slopes of these lines can be used to calculate a, c and m. For rand() (which may have RAND_MAX = 2^15 - 1), you could probably actually do this by hand (like, measuring the lines by hand), if you have a long enough sequence (I want to say maybe like 200 numbers if you know what to look for, but don't quote me on that).
So yeah, once you have that and a single number, you have all the rest.
All of your videos truly stand up to your channel name ❤.
Like the way you dig into the fundamentals of a topic that u discuss!
A little trick if you're programming on NES or Game Boy or some other retro platform with no operating system or real time clock. Since you don't care about "unsafe code" or "computer security" when programming these things, one way is to take a checksum of uninitialized RAM as the console boots up. On real hardware this isn't pseudo-random so you can use it to seed a pseudo random number generator of your own creation. (I often use a combination of XOR and bit shifting since it makes "nearby" seeds produce vastly different outcomes. A lot of old games would also use the player's input to obfuscate the RNG patterns as well
Nice info! In Veracrypt, you could input some randomness by giving it some mouse movement XD. It’s very interesting to use it in old games!
0:02 freeze frame could be an alternative to the 'Ancient Aliens' meme "Aliens."
xoxoxo
3:03 Mistake: you are not seeding the RNG with the nanosecond time, you are seeding it with the address of the nanosecond time, if you turned off address space layout randomization it would have produced the same values every time.
We also have the Dilbert random number generator, which always randomly outputs just the number 9.
The other problem is that libc's rand() may have different implementations across platforms and architectures, so it does not necessarily return the same value with the same seed.
I sincerely hope that there are zero programmers out there relying on the predictability and consistency of a random number generators output across operating systems... It makes sense for a random number generator to have undefined output... this can hardly be called a problem.
@@minneelyyyy it would matter if you're using a random number generator with a specific seed in automated testing. Different output would mean the test would fail on a different operating system.
@@minneelyyyy A very common place where you want this is in game developing. Procedurally generated content needs to be uniform across platforms, like the world generation using seeds in Minecraft, it needs to be consistent in every machine.
@@LogicEu Yeah, but you should really use a custom PRNG if you want that kind of consistency, which I believe MineCraft does.
@@anon_y_mousse My point exactly! Do not use rand() if you need consistency across systems, like in games. Best choice is to roll your own.
I chuckled a bit imagining you recorded several versions of nodding depending on the secureness of your code
Getting random numbers in computergraphics is an art form. And there is a whole class of different noise functions.
So, according to quantum mechanics, a truly random phenomenon is the decay of a radioactive isotope, specifically: it is impossible to predict when a particular atom will decay, regardless of how long the atom has existed. So lets write a device driver for radioactive materials, and this driver will use them to generate true random numbers. I think we should place this device under /dev/uranium, as a small nod to /dev/urandom :)
There's a great talk about `rand` by Stephan Lavavej called "rand() considered harmful" that goes in-depth as to why rand is such a horrible function, and then he talks about the C++ alternatives.
The safety mafia just need to stop. rand() giving you the same number with the same seed doesn't make it "unsafe" xD
The "True Random" things you mentioned might not be random either! What if the universe is deterministic! You don't know!
I mean, in this case it's secure if it's reasonably unpredictable. You can't reasonably predict random noise from high-energy particles from space passing through a detector or lava lamp fluctuations recorded on camera; however you can predict next number spilled out by rand() if you know few previous.
Swapping camera angles got a bit busy in the end. Classic shot A works well.
Another interesting video, gotta look into random number generating algorithms.
I always thought that there is no standardized rand() function in the stdlib library. This is why the sequence, given a fixed seed, isn’t identical between platforms. Who knows what the compiler builders of a platform used for its implementation. Most likely a pseudo number generator as you mentioned. But perhaps on some other platform they decided to use the TRNG capabilities a lot of CPUs have for generating numbers.
It's not just cryptography. In my thesis I needed random numbers, I used the rand function (c++ but i think I used the c function) and the results were terrible. So I either had a logic bug in my code, I disproved years of research going back to the early 80s or my numbers weren't very random.
Apparently there are levels of randomness for any pseudorandom generator and this wasn't good enough. I implement a Merssenne teister andI started getting proper results.
@@var67unfortunately, too long ago
3:00 why are you passing &ts to srand?
I've been watching this guy so long and I've only now noticed that he uses 8 SPACE INDENTING
Where i used to work, we needed a good RNG for a project. To make sure that rand returned a true random number, i used the raw binary snapshot of a heat sensor, convert it to decimal and multiply by time(). Voila! Untraceable, unique true random seed from the chaos of our universe.
Why not just use jitter entropy? You have true randomness right there and it’s just built into the Linux kernel
@@Christopher876 Because i didnt know at the time.. (that was 9 years ago, or so..)
@@dynad00d15 Gotcha. I just mention it because a ton of people for reason still believe that computers don’t have a way to generate true random numbers without specialized hardware
@@Christopher876 I still think my solution was elegant. Took me 4 hours to code, setup, test and integrate to the project.. :D
@@Christopher876 that's because they can't. but they can they can generate good enough ones for most cases. besides, what "true random number" even means...
Hey that second camera is great and all but please use it a bit less it makes it difficult to follow the video. Love the content keep it up!
What about setting the seed based on the nanoseconds every time before generating a new number?
This lrobably isn't a good idea, because the loop in which you use the RNG takes roughly same time, resulting in lower variance in the seeds which gives you few values, instead of using the generator to generate random numbers on its own as theyre usually evenly distributed
Often the value is read from a clock that ticks much less often, so the resolution is coarser. Example: a millisecond clock delivers 1000 different nanosecond values only. Also if you call more often, each value returned will be the same until the next millisecond.
It's good to introduce CSPRNGs to people, but unless you're performing something that needs to be secure (in which case you should only and exclusively use 3rd party vetted libraries), you really don't need to use that. Seeding the default PRNG is fine for anything that doesn't require crypto security like a game or to just randomly select something in a group. In fact, CSPRNGs might be bad for a game since they are very heavy operations that require entropy pools, which can slow down a real time rendered game.
You also can generate a true random seed and use it for pseudo random generator.
Hardware makes randomness pretty good. Need hardware module to measure entropy in the environment. Hmm.... What if you could get entropy based on the weather report, direction or the wind, or I dunno just put an antenna that listens to static?
/dev/urand is your best friend in such situations
well in a deterministic state machine the result is always fully predictable, ie, when the program halts (halt conditions)
Careful with all those jump cuts, you're going to give someone whiplash!
What is your neovim theme?
i'll share it on stream today or tomorrow.
@@LowLevelTV okay
Every random thing is random only because we don't know the factors and sources of where it generates from. The question is how well can we mask that and how complicated can we make the sequence. I've heard XOR is a pretty nice tool for crypting, is this true?
XOR is perfect if you have an uncompromised, truly random one-time pad cipher. While randomness can be guaranteed with a pair of dice and a few easy operations on paper, the "uncompromised" feature requires extensive physical security.
arent there A-symetrical algorithms in math that can be seeded and the seed discarded to create a true random formulation?
कहते है जिसे अनियमितता वह तो स्वतंत्रता है,
कहते है जिसे अराजकता वह तो सत्य का राज्य है।
In the deterministic system we live in, nothing is truly random. A lack of knowledge about initial conditions doesn’t equal randomness, it’s rather random to the ignorant mind.
Didn't Intel implement (or try to) true random generators from thermal fluctuations over single transistors or something like that?
by watching this i had other question , i know it a little odd idea but how to generate secure random number without using external liblaries used for that ?
TBF the concept of something being "external" or "third-party" is a human construct; the machine cannot understand that something was not written by your hands.
Now, your question has 2 branches: do you just want something that's cryptographically secure, or true randomness?
If you are satisfied by a CSPRNG, then you can either write your own code to implement such an algorithm (note: *do not try to invent the algorithm* ), or just use an external library that provides an implementation for you (as I said before, it's just as though you wrote it, bar licensing nuances).
However, if you want true randomness from an outside source, you will unfortunately have to interface with the hardware, which cannot be done portably (there are ways to make it easier to port code to other platforms though).
Don't know why the second camera angle is necessary, are you trying to flex that you have two cameras or something?
LLL: *Talking about how RNG is not really RNG*
Me:
“Not random enough for you? Just grab the memory address of some variable, preferably a local one. Bonus points if it’s a variable that’s been dereferenced.” :)
Could you explain us how the ssh library produces cryptographic safe random number?
Good ole' intel dithering. Random is a phony concept. Nothing is truly random.
I wonder what sources of entropy it could find other than the clock
... but what is the algo inside openssl? I came here to get to the bottom of things :x
Sorry i am not even a programmer, just know the basics(and haven't touch any for more than a decade), but what happens if you put rand() inside a rand() like this rand(rand(rand(rand(rand())))) and so on so on, does it even take an argument anyway?
At this point in life, I associate "random" number generators with (random) hash functions. PRNGs have a "state", which gets scrambled by the algorithm, and it has to be deterministic. A hash function in this case is a decoupling of "state scrambling" function. There are many advantages of your randomness being predictable (procedural generation in games), nothing wrong with that.
If you want your "random" be "secure" (uncrackable), you want to look into cryptographic hashes/PRNGs, for example, permuted (linear) congruential generators (PCGs).
One thing to be careful of though is that you can't just take any good PRNG and try to repurpose it as a "good" hash function over the state. But using a good hash function over a counter will always result in a good PRNG (per definition of a good hash function)
Very informative, thank you.
Thanks for watching!
Yeah they taught that in the first 4 weeks of CS in college. When we utilized random numbers in C we used time to adjust the pre determined values like this: " srand(time(0));". Very basic concept.
~ 4:00 - And here, when you reach interesting stuff, you just commence some hand-waving and call it a day. Do you _understand_ what those cryptographically secure functions actually do?
I was thinking the same thing, I wanted to know what "entropy" they were using to create the so-called true randomness
Why would you ever use the built in PRNG algorithm???? Ouch.
If you use the internal clock and devide by the new clock time to generate the first seed you will
geneerate a distribution that is almost perfect and use a different starting seed every time.
Althoe this is not a true random number its close enough for anything you want to do.
Nitpicking here, but the distribution wouldn't be perfect since in LCGs the Xn and Xn+1 are correlated. It would fail some statistical randomness tests and could be reverse-engendered to get all parameters of the generator given a few consecutive values.
First I will have a list of Alphabet both capital as lower case then I will create a function that shuffle them then I will get their char code at random index because they are in Map or Array which based on preference. So after that I will multiply that number with an Library from math then take the random mod and plus it with another random number then take the division with another random number and plus everything together...
That how You build random number generator.. Securely Secure 🔐
Is there a way to call RDRAND in C as opposed to assembly?
Inline assembly?
oh well. what computer rng is truly random...
Hm...Could you seed the rand function with the CPU temperature? I was of the impression that that should be effectively random as I understand it
Unless you have a high accuracy thermometer your entropy for the seed is pretty low
I’m other languages the seed changes, like in Go
How did you make the first c code to give same number without using srand
rand defaults to a seed value of 1 if srand is not called
Just use the random library of C++ if you code in C++. It makes me sad when people use rand in C++ code. Like it's necessary to write code in the 80s style.
The same seed generates the same result.
Um so is it a typo that the title of this vid has the word "are" twice?
Thank you :)
There is no correct use of rand(), because almost all implementations use a incredibly weak PRNG to implement it. It's also very slow in comparison to way higher quality PRNGs.
If you want cryptographic security, true. However, it can be used for testing and demonstration purposes as well as just for fun.
You can't really make a faster PRNG than this.
@@Nerthexx
There are high quality PRNGs, like the romu family, that are even faster than the lcg rand implementation shown in the video
This is due to fewer dependencies between states. RomuDuoJr e.g. just costs the throughput of a single multiplication but packs a lot of other mixing operations that are executed while the costly multiply happens into the CPU pipeline. Meanwhile, the lcg needs to wait for the multiply to complete before doing the addition.
In practice however `rand()` is even slower, because no libc implementation I know of offers an inline definition of `rand()`, so you always pay for the indirection.
How about /dev/random and /dev/urandom?
these two derive from their randomness from outside influence (e.g. the time when a packet reaches your network card)
they are also cryptographically secure, although /dev/random is a bit more secure but has the downside that the time it needs to generate you a number is indefinite (aka, it can take A LONG time, maybe even literal hours if you are unlucky)
To add to what @Kuhluh says, /dev/random will block if the device cannot get enough entropy, urandom will not.
@@kuhluhOG Can confirm /dev/random is annoying.
There is/was a holy war between random vs urandom. In most cases urandom is preferable, because the entropy is not something that is "used up" by generating random numbers. /dev/random is useful in atypical situations: during boot, on machines without network and IO, because these are the situations when kernel didn't observe enough pseudorandom events to fill the pool.
I would love to see the cuts be used less, to be honest - I find it distracting, when the camera switches.
It is like urandom and random in Linux, based on system noise.
awesome video. But too much cam switching.
STOP THE MULTI CAM SWITCHING, PLEASE!!!!!! PRETTY PLEASE WITH SUGAR ON TOP !!!!!!!!!!!!!!
jump cuts :(
but i did think it was using pseudorandom numbers, what do i win
Are you using pseudorandom camera angles to make a point?
I mean, I guess this video was alright but considering your channel is called "Low Level Learning" I was really hoping you'd shed light on the x86 RDRAND and RDSEED instructions, where RDSEED is a true random number generator that's driven off a hardware noise source.
2:02 1337? oh wait 😮 1337 bro 1337. have you watched any movies?
After hearing the examples of random numbers; I don't have any idea whatsoever as to how to represent a true random number, in the sense that the number is spontaneous and unable to be modeled under sufficiently detailed study.
God and the human power of faith can produce it though, so I will pray to God for un-crackable encryption, and get back His random answer to the problem!
Number generator is a security risk under Linux.
BSD is far better in this case.
how?
Using the /dev/urandom device for entropy is considered cryptographically safe.
It's a bit dizzying for the camera to be moving so much 😅 Otherwise, great video