There are also some basic websites that allow for random number generation, which is pretty cool. But have you ever wondered how these things actually work? How does the program “pick” which number to display? What is the method to the madness? There actually is no way for a program to truly generate random numbers; however, there are several fascinating ways that programs simulate randomness.
Pseudo random number generators are what IDEs use in order to simulate random number generation. There are no actual methods to generate true random numbers with a computer. It just is not possible. There are two parts to simulating a random number generator. First, there must be a seed or a key that is given to the program. Second, this key or seed must then be used to determine the random numbers. The sequence of numbers that is generated is then completely based on the seed that was given, meaning that if the same seed is fed to the method, then the exact same sequence of “random” numbers will be generated. Where does the seed come from? Well, some pseudo random number generators associate a seed value with the system time. So seed “1” may be 12:00.000000AM, whereas seed “3” may be 12:00.000002AM, and so forth. Others allow the user to input a certain seed so that the user can ensure they never get the same seed. It is quite simple to see that these forms of random number generation are not actually random. If you were to use a random number generator that gets its seed from the system time on the computer, and you chose to generate a sequence of numbers every twenty-four hours at the exact same time every day, then you would get the same sequence. While it may seem like this would lead to errors, these pseudo random number generators are actually quite reliable. This is a good basic visualization showing the steps of a pseudo random number generator:
But these kinds of random number generators obviously aren’t secure. If you were to use a pseudo random number generator to create a password, someone could just find out the exact time you ran the generator, and just run it at that time to find out your password. So what kind of methods do corporations and governments use to generate random characters in a secure manner? They use a cryptographically secure pseudorandom number generator (CSPRNG). Very creative, I know. There are a couple of major differences between a CSPRNG and a regular PRNG. The largest difference is how the seeds are generated. A CSPRNG operates by gathering entropy, meaning it bases its seeds on unpredictable input (variance of fan noise, mouse movements, and incoming network packets), rather than using something periodic like system time. A CSPRNG must be able to pass the next-bit test. The next-bit test simply states that it must take a non-polynomial (i.e. exponential) amount of time to determine the next number in a sequence with better than a 50% probability of getting the number correct. It must also be virtually impossible to construct the correct sequence of “random” numbers if a part of the sequence is already known.
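
The weakness described above, as an added example (not code from the original post): a password drawn from Python's `random` module seeded with a timestamp can be reproduced from a small set of candidate seeds, while `secrets` draws from the operating system's CSPRNG. The timestamp, the one-hour window and all function names are constructed for illustration.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def weak_password(seed: int, length: int = 12) -> str:
    """Weak pattern: the whole password is a function of the seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def recover_seed(password: str, start: int, end: int):
    """Audit helper: try every timestamp in [start, end] as the seed.

    Returns the seed that reproduces the password, or None.
    """
    for seed in range(start, end + 1):
        if weak_password(seed, len(password)) == password:
            return seed
    return None


def strong_password(length: int = 12) -> str:
    """Same alphabet, drawn from the OS entropy-backed CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def demo():
    created_at = 1_700_000_000   # constructed Unix timestamp (seconds)
    window = 3600                # assumed: creation time known to +/- 1 hour
    password = weak_password(created_at)

    found = recover_seed(password, created_at - window, created_at + window)
    candidates = 2 * window + 1          # seeds that had to be tried
    full_space = len(ALPHABET) ** 12     # what a 12-char password should cost
    return found == created_at, candidates, full_space


if __name__ == "__main__":
    recovered, candidates, full_space = demo()
    print(f"seed recovered: {recovered} after at most {candidates} guesses")
    print(f"search space if truly unpredictable: {full_space:.3e}")
    print(f"CSPRNG password: {strong_password()}")
```

The time-seeded password falls to a few thousand guesses because its only secret is the seed; the `secrets` version has no seed for an outsider to guess.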
There are no perfect methods for generating a sequence of random numbers; however, there are a few ways that may as well be perfect. CSPRNGs are pretty secure, but there are times when they fail. Breaches of corporate data and government systems happen quite frequently. Millions of people’s personal information can be compromised through hackers brute-forcing certain systems that may rely on CSPRNGs to keep information secure. Examples of this include the PlayStation 3 hack of 2010, when hackers managed to access a seed that allowed them to run any software on the system, and a breach in 2013, where programmers found bugs within the Java class “SecureRandom” that allowed them to steal Bitcoins. The future of PRNGs and CSPRNGs is uncertain, because their use in cryptography would become obsolete if it is proven that P = NP. All systems relying on these would fail immediately because brute-forcing would no longer be needed. So, for the sake of our society, let’s all pray that it is never proven that P = NP, because if that does happen, then all chaos would break loose.