1. Best Random Number Generator

This shouldn't have been downvoted because it is exactly correct.Cryptographic generators don't work like PCG and xoroshiro and Mersenne Twister. They're generally built by taking a cryptographically secure cipher or hash core, 'keying' it with secret entropy, and running it in a streaming configuration (like CTR mode).A properly designed CSPRNG can only be 'cracked' in a few specific scenarios:1. The primitive it's built on (or the streaming construction it's configured in) is broken, in which case the news for cryptography as a field is significantly bigger than the fact that an RNG has a flaw.2. An attacker has exploited a systems flaw to directly disclose the contents of the memory the CSPRNG is operating out of, in which case you have bigger problems than your CSPRNG.3. The secrets that key the generator have become predictable.

This is in practice the only way CSPRNGs get broken (unintentionally), and, in practice, always means the CSPRNG wasn't initialized properly (the 'cold start entropy problem').You should use the getrandom system call, or read from /dev/urandom, to the exclusion of all other mechanisms. I'd have called that a PRNG, because to me there were only two main categories. Pseudo-random, where it's designed to be unpredictable, and actually random where it is based on an external hardware source of true random information.A CSPRNG is surely a type of PRNG. Is that not right?Their comment doesn't really seem correct to me. The title is 'Cracking random number generators (xoroshiro128+)' which seems pretty accurate to me.

The article definitely doesn't seem to say it's breaking anything other than a very specific, flawed random number generator. I understand the 'broken benchmarks' problem and I acknowledge that there are some cases that are so demanding and have such low security sensitivity that it makes sense to have an LCG in the standard library.But I stand by my argument that the default platform RNG should be a CSPRNG, and that developers should reach for a CSPRNG by default.Which makes all the attention we've been giving to stuff like xoroshiro128+ and PCG pretty confusing to me. It feels like people arguing very earnestly about non-problems, while ignoring a huge problem in our standard libraries. You're right, that was too short and thus too harsh. Please accept my apologies.So a short roundup:/dev/random and /dev/urandom used to be exactly the same (on Linux), except that /dev/random did some voodoo 'entropy estimation' that the Linux kernel guys are totally in love with, but everyone else doesn't trust anyway. Even if there was a plausible model how to estimate entropy, which there isn't.In the meantime things have changed quite a bit. But the main thing to know is the same: /dev/urandom is the device you want to use for cryptographic randomness.

/dev/random is an oddity that will be there forever because Linux takes backwards compatibility (for user space) extremely seriously.(On other Unixoid platforms you also want /dev/urandom)If you can use syscalls and don't need a device, use getrandom(2) over /dev/urandom. It's better.Oh, and please note that the Linux man pages have been updated! They now state clearly that /dev/urandom is suitable for cryptographic use.

Of course, lots of old man pages floating around on the web. Unfortunately, the article isn't in the best shape right now.Back when it was written, things were clear: random and urandom are the same. Then came getrandom as a distraction.

Now urandom is based on chacha. So it's different (but not worse – still, harder to explain).The article's structure couldn't easily accomodate those changes, and time was and is in short supply, and so it's not wrong, but much less forceful and clear than it used to be. I hope it shapes up soon, but don't promise anything!Still, I don't know a more up-to-date article. Maybe Thomas Pornin has something newer on StackOverflow? The article is a serious waste of time.It can be summarized as 'Non cryptographic PRNGs can be predicted! Look, I cracked this one!

I'm not going to tell you how I did it though.' There's no exposition describing non cryptographic PRNGs, nor any evidence given for why they're not sound beyond the author's assertion that he cracked one.To be clear, non cryptographic PRNGs are often predictable, and shouldn't be used if that's a problem, but if you're interested in learning more about that, this article isn't going to help you much.Skip the read. As someone who first learned how to program by implementing PRNGs but never really digging deeper into it, I found this post very interesting to read.

I do have an idea about some (small portion) of the things behind it, but I have no background in cryptography.Looking at the other posts, it seems like most PRNGs are fine for non-cryptographic applications, but what are other ways to make PRNG's though? Everything I've learned (mostly simple stuff; Linear Congruential, Midsquare, etc.) seem to need to store a state to work, because otherwise, wouldn't you just output the same thing over and over again? I know there's stuff like /dev/random (though I'm unsure how that works), but that doesn't seem like a good idea for getting a lot of numbers. Professor O'Neill (mentioned in the article) has written a PRNG 1. The jury is still out on how powerful it is in general.

There continue to be fights between what it means to be random for cryptographic purposes vs. Numerical analysis purposes.That said, the PDF on that site that serves as a writeup for PCG contains a nice discussion of the links between the size of the state held and the strength of the algorithm, including a discussion of the state of the art for crypto- and non-crypto- PRNGs.1. There is in fact no real debate about what's required for an RNG to be suitable for security purpose.

The standard for security is cryptographic. To design a new secure RNG, you effectively need to design a new cryptographic primitive (most likely, a new native stream cipher).There may indeed be some debate about the requirements for non-security numerical analysis applications.Most development platforms should be defaulting to secure random number generators, and most developers should be reaching for secure random number generators as their default choice.

Best Random Number Generator

Neither PCG nor xorshiro128 are examples of these. Most development platforms should be defaulting to secure random number generators, and most developers should be reaching for secure random number generators as their default choice.I was curious about this statement. So I did some research.This page indicates that xoroshiro128+ generates 64-bits in 0.81ns on a modern 3.6GHz CPU.If I'm reading this page correctly ChaCha20 gets about 0.8 cycles per byte these days on modern CPUs.Running the math we get 9.88 GB/s for Xoroshiro128+ and 5.14 GB/s for ChaCha20 (assuming a 3.6GHz modern CPU for both).Actually a lot closer than I thought. It never occurred to me that a CSPRNG could compete, performance wise, with a non-CS PRNG.I'm sure there's variation here.

Sometimes CSPRNGs will have re-keying cycles, and probably most implementations aren't going to use the highly optimized version we see in the benchmark. I'm not sure if the Xoroshiro128+ benchmark I found used a version utilizing all the SIMD functionality of the CPU (like the ChaCha20 benchmark does).

I'm also not sure if Xoroshiro128+ is the fastest PRNG or not.But I have to say, if these numbers are accurate. You're just plain right. There's no reason to default to a non-CSPRNG. CSPRNG is a safer default, and in the rare scenario that a developer needs more performance they can go seek out a specific PRNG for their needs. Rome total war playable factions.

Random number generation / Random NumbersGenerate number betweenand= 34This random number generator (RNG) has generated some random numbers for you inthe table below. Click 'More random numbers' to generate some more, click 'customize'to alter the number ranges (and text if required).