tim.qfs has asked for the wisdom of the Perl Monks concerning the following question:

Hi

I think that I seem to have successfully created and tested a very simple script which when run on a Windows VPS, serves as a building block for a True Random Number Generator. I am therefore wondering to myself, if it is this easy then what is the point of Pseudo Random Number Generators?

Here is the script.

#! /usr/bin/perl
use Time::HiRes qw(gettimeofday);

($seconds, $microseconds[0]) = gettimeofday;

for ($count = 1; $count <= 1000000; $count++)
  {
  }

($seconds, $microseconds[1]) = gettimeofday;

$difference = $microseconds[1] - $microseconds[0];

print "Content-type:text/html\n\n";
print "$difference";

[download]

Typical outputs:
46980
-953586
47168
67242
59319

As you can see from the above outputs, this script seems to work very well.

Would this script work as well on a dedicated server with a very fast CPU? Are timings on VPS servers particularly volatile? Would this script work as well on all Windows systems?

If I am creating an application which is critically dependent on a good quality TRNG, can anyone see any reason why it might be a mistake to depend on this script for the purpose?

Thank you very much.

Kind regards

Tim

Replies are listed 'Best First'.
Re: TRNG Perl script query
by GrandFather (Saint) on Jan 27, 2014 at 03:37 UTC

    A little thought about the source of randomness (entropy) indicates that this is unlikely to be a very good random number source. The "randomness" comes from the variable time it takes to execute a loop, so what causes the reported loop execution time to change? Well, in a modern multi-tasking operating system most of the variation will be due to other tasks running during the loop time. So the processor running your for loop will potentially "slice" its time between several tasks. The important factor is, how consistent are the slice times?

    On busy systems with internet browser windows open or various other tasks interacting with the real world there will be a range of slice times because the real world interactions introduce a fair whack of entropy. On quiet systems there will be only a small variation in slice times because the only "random" stuff going on will be things like the real time clock interrupt so there will be very little entropy introduced and the random number generated will be poor.

    Note that measuring the quality of random numbers is hard and requires some fairly high powered maths and statistical techniques. Depending on your use for the numbers, correlations between numbers in a sequence can be al least as important a measure as the actual distribution of the numbers. I would be exceedingly surprised if your simple TRNG actually generates statistically robust random number sequences.

    If the code changes take longer than the time saved, it's fast enough already.
[reply]
      I would be exceedingly surprised if your simple TRNG actually generates statistically robust random number sequences.

      Not to mention that it's going to be fairly expensive in terms of time to G them, what with each N, however R, costing a million-count loop!

[reply]
Re: TRNG Perl script query
by Anonymous Monk on Jan 27, 2014 at 03:53 UTC

    If I am creating an application which is critically dependent on a good quality TRNG, can anyone see any reason why it might be a mistake to depend on this script for the purpose?

    Well, aside from being too simple, and depending on simple counting loop for sleeping .... to induce a difference

    If you go to TRNG they talk about dealing with bias ...

    In short, if you have to ask if yours is a good quality TRNG, it probably isn't :)

    But thats just a feeling I have (smell test) ...

    I'd seek out some kind of cryptologist mailing list or something :)

    Good luck

[reply]
Re: TRNG Perl script query
by AnomalousMonk (Archbishop) on Jan 27, 2014 at 03:56 UTC
    ... what is the point of Pseudo Random Number Generators?

    There are monks about the place far better qualified than I to answer this, but I thought that the repeatability of a PRNG was one of its main attractions. From the vast array of well-studied PRNGs, there will be one that can satisfy your entropic needs, and if you're running, say, a unit test, specifing the same seed on each test run always produces the same sequence of test input values.

[reply]
Re: TRNG Perl script query
by 2teez (Vicar) on Jan 27, 2014 at 03:12 UTC

    Hi tim.qfs,
    ..As you can see from the above outputs, this script seems to work very well...
    Did you test run this script to check the output? Because the body of your for loop is empty.
    More so, you can use perl for loop like:

    for my $count (1..1000000){
     ....
}

    [download]
    instead of that C type like you used.

    If you tell me, I'll forget.
    If you show me, I'll remember.
    if you involve me, I'll understand.
    --- Author unknown to me
[reply]
[d/l]
Re: TRNG Perl script query
by jellisii2 (Hermit) on Jan 27, 2014 at 12:40 UTC
    My vote for most interesting RNG. Of course, this not being a complete software solution may not be feasible for the problem you're trying to address.

    Good entropy is difficult, particularly as mentioned above on quiet systems. I wish you luck as you continue down the path of trying to find it. The default RNG that is built into win32 systems is terrible, IIRC.

[reply]

Back to Seekers of Perl Wisdom