Some time back I asked a question on Quora : **How does a computer choose a Random Number? **

A number of interesting responses were there, which I’d like to share here.

**The Question**

Since a computer can’t choose a number truly at random (and neither can humans, technically), what is a random number in the context of a computer. Since the computer calculates the number, is it only “relatively random” i.e. to the user, the number ‘seems’ random when in fact it isn’t? I was wondering about whether a user can successfully predict which “random” number is going to be generated by the computer.

**The Answers**

I got a few ansers, the best and most explanatory of which was by *Kiat Chuan Tan*.

There are two main ways a computer can choose a “random” number: using apseudo-random number generator (PRNG), or using ahardware random number generator.

A pseudo-random number generator, as the name suggests, isn’t truly random. PRNGs typically use deterministic algorithms such as lagged Fibonacci generators or the Mersenne twister. These numbers generated by these algorithms are completely determined by the start state, and will eventually repeat. However, a good choice of parameters for the algorithms will make the period sufficiently large for practical use (2^19937 – 1 for the Mersenne twister).

A hardware random number generator, on the other hand, is theoretically supposed to be truly random, in the sense that it is based on noise generated by physical processes, e.g. sampling of ambient noise from a sound card.

Micheal Hamburg added that:

There are some generators that (unlike the Mersenne Twister) are believed to be cryptographically pseudorandom. That is, if they start with a small amount of randomness (say, 32 bytes), then there should be no algorithm which, running on all the supercomputers in the world for a thousand years, could notice a meaningful difference between the “random” numbers they output and truly random numbers generated by a hardware device.

Now, I was wondering if I could actually find a service which could, essentially, guarantee me randomness. A source for random numbers which was truly random and unpredictable.

**Random.org**

Random.org is an interesting service operated by Mads Haahr of <!– who is a Lecturer in –> the School of Computer Science and Statistics at Trinity College, Dublin in Ireland.

So how do they generate their random numbers?

RANDOM.ORG uses radio receivers to pick up atmospheric noise, which is then used to generate random numbers. The radios are tuned between stations. A possible attack on the generator is therefore to broadcast on the frequencies that the RANDOM.ORG radios use in order to affect the generator. However, radio frequency attacks of this type would be difficult for a variety of reasons. First, the frequencies that the radios use are not published, so an attacker would have to broadcast across all frequencies of all bands used for FMAM broadcasting. Second, this is not an attack that can be launched from anywhere in the world, only reasonably close to the generator. RANDOM.ORG currently has radio receivers in several different countries, which would make it difficult to coordinate this type of attack. Third, if an attacker actually did succeed at broadcasting highly regular signals (e.g., perfect sine waves) at exactly the right frequencies from the right locations, then the RANDOM.ORG real-time statistics would pick up the drop in quality very rapidly. In particular, the Source Purity and Information Entropy tests would start failing dramatically, which would raise an alert.

nice thought! but the real question is do we really need a random number other than suit a materialistic purpose ?

There are loads of places where we’ll have to use random numbers. I’d imagine scientific experimentation is one such place, where unbiased randomness is useful.

It may also be good to use in some security operations. Where no one will need to know the nature of the number that comes next.

“Since a computer can’t choose a number truly at random (and neither can humans, technically)” .

I didn’t quite understand why the reference to humans not being able to generate random numbers is there in the post; unless ofcourse its there merely for the theatrics.

Just to bring out the point that if you were to choose a ‘random’ number between 0-100, the result would be biased because you ‘chose’ the number and hence knew what the number would be. So randomness is essentially relative. I can choose a random number for you.

Also, the fact that it is technically not possible for a computer to choose a truly random number without any external inputs. So ‘randomize’ functions are actually only random to you – not the computer. Hence it can be calculated forward.

Not true! Only in computers that doesn’t use any external input to calculate random numbers does your argument hold true; where it uses preconceived hardcoded internal logic(algorithms) to generate random numbers.

But I am not aware of humans using any form of predetermined logic to generate a random number.When i am asked to generate a random number from 0-100 range,one after the other,I really am not applying the same logic everytime, hence randomness to a degree is possible in humans,without any need to apply relativity notions.

The case against true randomness is that we tend not to say the same two numbers in quick succession.

Most computers use internal logic, if I’m not mistaken.

This, about the randomize function in visual basic :

” Because the Random statement and the Rnd function start with a seed value and generate numbers that fall within a finite range, the results may be predictable by someone who knows the algorithm used to generate them. Consequently, the Random statement and the Rnd function should not be used to generate random numbers for use in cryptography.”