Hi Dave, if it's seeded each time with the time that's very predictable. I'm not a mathemetician and not into this stuff, but with what you just said, there'd only be a set of random numbers that equal the number of seconds in a day.

Generally once seeded, with whatever, a random number generator with state will then produce next number from last number, traditionally by squaring and taking out a middle portion of the resulting number. In any event, the algorithm is consistent.

But if what you are saying is literally true, someone could generate session id's for the different times and use them. Not much better than sequential numbering.

rd


Dave Odom wrote:
If you use the REXX RANDOM function and don't fill in a "seed", REXX will automagically pull the system time and use that for the seed, making the resulting random number, random.
Dave

Ralph Daugherty <rdjfc@xxxxxxxxxxxxx> 9/9/2008 10:33 >>>

But to be unpredictable, Nathan, in the sense that pseudo-random generators generate consistent random number sets for a given seed (although IBM's crypto level generator may already do something like this), I plan on adding a concatentated job number and seconds to each random number. It will throw the cracker algorithms off for those who are able to obtain a few sequential generated numbers and make it predictable. (The danger is one of them able to take control of someone's session by predicting the session id.)

I have never used pseudo-random generator output. The only random numbers I ever needed was for my Double Deck Pinochle dealing algorithm, and random nuumber generators are nowhere good enough for that. In the beginning I skipped around in my Z-80 object code on external events (clock and key press intervals and modulos of the object code) but found 8086 object code wasn't any good for that, and so I generated 32k of pseudo random numbers and jump around in that. On the other hand, that wouldn't be good enough for session id's.

So I'll be using standard pseudo random generator and offsetting it each time.

Not that anyone is going to go to all that trouble to break into my Pinochle server and change the score or something. :)

rd


Nathan Andelin wrote:
Dave Odom wrote:
How about using the RANDOM function in REXX ...
I just looked up the RANDOM function in the reference guide and it sounds like it would work well, too. It seems that a good seed is a key to all the random number generators.

Nathan.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.