In Applied Cryptography, Bruce Schneier categorizes random number generators into three categories.

  1. If the output from the RNG looks random (passes statistical test of randomness), it could be classified as pseudo-random number generator.
  2. If the above is true, and the output is unpredictable (that is, even if you know how to find out what the next number will be, it's pretty much too hard to calculate it), it's a cryptographically secure pseudo-random number generator.
  3. If you cannot reliably reproduce the sequence from the RNG, if you feed the same seed to it, it's a real random number generator.

Because the computers are completely deterministic machines, it's pretty darn hard to make anything that even remotely looks like a real random number generator, unless you equip your machine with a sensor that observes quantum events, or some equally interesting phenomena.

Making a good pseudo-RNG, or even cryptographically secure pseudo-RNG, is easier - For example, the Camel Book tells that getting gzip'ed value of some rapidly changing system information as a pseudo-RNG seed is usually enough, and you can make even hairier ways to initialize the seed to be fed to srand().

The generation of random numbers
is too important to be left to chance.
Attributed to Robert R. Coveyou, a mathematician at Oak Ridge National Laboratory.

Log in or registerto write something here or to contact authors.