Secure Random Number Generator

Discussion and feedback on Construct 2

Post » Fri Jun 27, 2014 1:18 pm

Since computers are deterministic, "genuinely random" data needs to come from outside the system. There are specialist hardware devices for this, or you could use a service like random.org, or you could just ask the user to wave their mouse around randomly and then use that as your data (which I've seen other apps do).
Scirra Founder
B
395
S
233
G
88
Posts: 24,376
Reputation: 193,842

Post » Sat Jun 28, 2014 5:44 am

doesn't srand() get the runtime time and use that as a seed? I think that is plenty random enough, pseudo or not.

as someone mentioned - maybe if you are dealing with casino style games for actual money you might need "true" randomness. But I would think the majority (if not 99.99%) of the games created with C2 will be more than adequate with Random().

Believe it or not, I've actually tested C2's random function against some dice while I was in the design phase a while back. The game was only on paper at that point; I wanted to know how long it would take a player to collect item drops that were only dropped based on a random number range. The percentages were basically the same. I ran the test many times until I was comfortable with C2's randomness. Now I use it all the time without hesitation.
B
97
S
32
G
16
Posts: 1,200
Reputation: 16,682

Post » Fri Jul 18, 2014 9:00 am

Ashley wrote:Since computers are deterministic, "genuinely random" data needs to come from outside the system. There are specialist hardware devices for this, or you could use a service like random.org, or you could just ask the user to wave their mouse around randomly and then use that as your data (which I've seen other apps do).


http://davidbau.com/archives/2010/01/30 ... lions.html
http://finalfantasy.wikia.com/wiki/Trea ... asy_XII%29

"Network Entropy Seeding

One option for quick robust entropy is to use an online source of random bits like random.org. Random.org provides a high-volume online stream of unpredictable bits that are derived from atmospheric noise detected by an array of radio receivers in Dublin and Copenhagen, all built and run by Trinity College professor Mads Haahr. His service will happily ship a few of these physically generated bits to you over https for free." <-- personally I prefer to use openssl_pseudo_random_bytes

You are largely correct. But seriously, RNG attacks do exist. Certainly for Pokemon, Final Fantasy, and other games with weak seeds.
B
9
S
3
G
1
Posts: 191
Reputation: 1,725

Post » Fri Jul 18, 2014 9:33 am

If you are making a multiplayer game you know they'll be online, so you could look at using an API:
https://api.random.org/json-rpc/1/
Image Image
Scirra Founder
B
173
S
41
G
34
Posts: 4,397
Reputation: 54,116

Post » Fri Jul 18, 2014 10:03 am

Tom wrote:If you are making a multiplayer game you know they'll be online, so you could look at using an API:
https://api.random.org/json-rpc/1/

Latency for random.org is on the order of 200 milliseconds
B
9
S
3
G
1
Posts: 191
Reputation: 1,725

Previous

Return to Construct 2 General

Who is online

Users browsing this forum: bobcgausa and 11 guests