So, in my first post in a millennium I’ll try to help clear up some confusion about the difference between Random Number Generators and Pseudo-random Number Generators, as one is simply not a ‘fake’ or artificial version of the other (as the prefix pseudo implies).

Pseudo-random number generators (PRNG) are completely deterministic. At a high-level, a PRNG takes a seed state (sometimes called a “key”) and uses this as a parameter to a method or algorithm that produces seemingly random numbers. The key here is the deterministic part: If you run this algorithm a million times with the same “key” you will receive the same ‘random’ result. Obviously, this is not truly random.

As I learned in my Computer Security class these PRNGs are extremely important to cryptography, Particularly stream ciphers. These encryption schemes use the ‘randomness’ of the numbers to prevent attackers from finding patterns in ciphertext. At the same time, they use the deterministic nature as follows: The random “stream” is known to both the sender and receiver (Since they use the same shared “key” as input into the PRNG). This stream is used to encrypt the message. The most widely used stream cipher is RC4, which is used in SSL.

On the other hand, Random Number Generators usually use physical phenomena believed to be truly random. They usually try to compensate for measurement biases as well to improve ‘randomness’. These usually depend on noise of some sort or quantam mechanics.

11.6.09

Close Modal
## Contact Archer