
Random vs. Cryptographically random are typically separate


Posted Sep 20, 2015 5:29 UTC (Sun) by njs (subscriber, #40338)
In reply to: Random vs. Cryptographically random are typically separate by anselm
Parent article: Python and crypto-strength random numbers by default

I've come around to feeling that it's unfair to call programmers "sloppy" because they thought that a function called random.random() would return random numbers. Everyone understands how dice and coin flips work, and that's how random number generators are always taught to new programmers, and if random.random() actually worked the way dice and coin flips worked then it would be safe to use for any purpose :-/.

Obviously you and I know that computer "random numbers" are this weird thing that are almost-like-random but with extremely subtle failures that only matter in certain obscure but high-stakes contexts... but it's not really newbie programmers' fault that they don't automatically know this. (Sure, there's a warning in the docs, but if you don't know to look for it...)



Random vs. Cryptographically random are typically separate

Posted Sep 23, 2015 1:35 UTC (Wed) by dvdeug (guest, #10998) [Link] (1 responses)

Computer "numbers" are these weird things that are almost-like-numbers with fairly non-subtle failure modes in many contexts.* A lot of learning computer programming is learning all these details where things don't work the way one would naively expect them to. If they don't understand that random.random uses a deterministic RNG, then they probably have a lot of other problems in programming.

* E.g. exists a, b, i, j such that (a > 0.0) && (b + a == b) or (i > 0) && (j > 0) && (i + j < 0).

Random vs. Cryptographically random are typically separate

Posted Sep 23, 2015 15:26 UTC (Wed) by apoelstra (subscriber, #75205) [Link]

> If they don't understand that random.random uses a deterministic RNG, then they probably have a lot of other problems in programming.

CSPRNGs are also deterministic. Determinism is not what burns cryptographically-inexperienced programmers.
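
An added illustration of the distinction drawn in this sub-thread (not part of any poster's comment and not code from the thread): both generators below replay exactly from a seed, but Python's `random` module, which uses the Mersenne Twister, can also be rebuilt from 624 consecutive 32-bit outputs, so its future values follow from past ones. `HashCounterStream` and all function names are constructed for this example; the hash-counter generator is a toy, not a vetted DRBG.

```python
import hashlib
import random

def untemper(y):
    """Invert MT19937 output tempering: 32-bit output -> internal state word."""
    y ^= y >> 18                          # undo y ^= y >> 18
    y ^= (y << 15) & 0xEFC60000           # undo y ^= (y << 15) & 0xEFC60000
    x = y
    for _ in range(4):                    # undo y ^= (y << 7) & 0x9D2C5680
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    for _ in range(2):                    # undo y ^= y >> 11
        x = y ^ (x >> 11)
    return x & 0xFFFFFFFF

def clone_from_outputs(outputs):
    """Rebuild a random.Random from 624 consecutive getrandbits(32) outputs."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))      # index 624: regenerate on next call
    return clone

class HashCounterStream:
    """Toy deterministic generator, constructed for this example only.
    Output i is derived from SHA-256(key || i); the key never appears in it."""
    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0

    def next32(self):
        block = hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()
        self.counter += 1
        return int.from_bytes(block[:4], "big")

def both_replay_from_seed(seed=b"constructed-seed"):
    """Determinism: the same seed gives the same stream for both generators."""
    a, b = HashCounterStream(seed), HashCounterStream(seed)
    same_hash = [a.next32() for _ in range(5)] == [b.next32() for _ in range(5)]
    same_mt = random.Random(7).random() == random.Random(7).random()
    return same_hash and same_mt

def mt_future_follows_from_past(seed=2015):
    """Predictability: observed outputs alone reproduce later random() values."""
    gen = random.Random(seed)
    observed = [gen.getrandbits(32) for _ in range(624)]
    clone = clone_from_outputs(observed)
    return [clone.random() for _ in range(10)] == [gen.random() for _ in range(10)]
```

For values that must stay unguessable, Python provides `random.SystemRandom` and `os.urandom`, which draw from the operating system's generator.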

