1

Need I change random seed when calling random() method each time?

Or should generate one random seed and not to change until restart my program?

Which choice could I get a better random number?

About my program

I'm developing a poker program with Node.js. I need shuffle cards with Math.random().

Due to original original Math.random() method is not secure enough, so I use seedrandom package rewrote it.

I can provide a random seed to seedrandom. But I don't know when to change or need I change the random seed when the program is runing.

sjfkai
  • 98
  • 1
  • 10
  • 2
    unless you are making your own pseudo-random generator then the seed is automatically changed inside the `random()` method. If the seed would be constant then you would need another temp variable making the seed itself useless – Spektre Feb 28 '17 at 08:44
  • What's your purpose, what's your program for? You should point out them to continue your question. – Peter Guan Feb 28 '17 at 08:52
  • I have added some more message about my program. Thanks – sjfkai Feb 28 '17 at 09:52
  • 1
    @Spektre Your comment is only correct if the seed *is* the internal state of the generator. More generally, the seed is used to set the initial state, the state gets updated on each iteration, and the return value is some function of the state. For instance, MT19937 sets and maintains 19937 bits of internal state even if you only seed it with a 32 bit quantity. – pjs Feb 28 '17 at 15:33

2 Answers2

1

Using a constant random seed is usefull when developing - it allows you to have constant behavior, this means that a bug you got will appear every time you run the program.

When testing - you can generate the random seed as parameter and if the program crashes to recreate the bug.

On a real world application you can't have a constant random seed because it will make the entire program constant. In your poker game the cards that are being dealt will always be the same and as you can understand it might be a problem.

As for generating a new seed before each random() call, the pseudo-random generators are used to create as true random variables as possible, True random means that you can't predict the next number once you get a series of the previous numbers. so this doesn't make any sense to change the seed every time.

antonpuz
  • 3,256
  • 4
  • 25
  • 48
  • Thanks. If I generate a random seed (not constant, such as timestamp) when my poker program start up. And only change seed when the program restart. Will there be any problem? In other words, Can I generate countless random number with one random seed ? – sjfkai Feb 28 '17 at 15:13
  • @sjfkai, If you use a timestamp for a seed you will invalidate all your efforts to find a secure RNG. I don't know anything about Node.js, but it looks like you need to seed your generator with [crypto.randomBytes(256)](https://nodejs.org/api/crypto.html#crypto_crypto_randombytes_size_callback) (or [thereabouts](https://en.wikipedia.org/wiki/Fisher-Yates#Pseudorandom_generators:_problems_involving_state_space.2C_seeding.2C_and_usage)) to shuffle a single 52-card deck. You might look in that same crypto class for a reliable CPRNG. – sh1 Mar 02 '17 at 05:41
0

So you are asking about randomness security instead?

In that case it is entirely different matter.

Using fixed pseudo random function as randomness source always contains the risk that the output may have deterministic properties which can be exploited by potential hacker/cheater of the game. For example after some sequence of cards the game will repeat it self etc ...

There are few things you can do to prevent or lower the risk of this:

  1. Use random generator

    This way is safest but not usable in most cases as you need a real randomness source (like antenna or some sensor obtaining white noise etc) which requires non standard HW which is not present on majority of machines.

  2. Randomize time to time

    so after some time elapsed try to randomize your seed (this is what you're asking). Usually some better randomness variable is used to improve randomness like measuring the response time of human (how long a key is hold or average click ratio etc), using real time, RDTSC state etc.

    This way you should change the seed before some saturation or randomness period elapses after which some properties of the output could be predicted.

  3. Use more then one pseudo random generator

    If you got more generators you can switch between them randomly time to time to even lower the risk. You can also compute seed of one generator with another generator.

  4. Non constant random call frequency

    If you have constant random calls in each frame/turn whatever then you got higher probability that your app will "saturate" or repeat it self. To lower the risk you can add random value times empty random calls.

To check for randomness is a good idea to use 2D gfx. You can detect patters and saturations easily so you can estimate how often you should randomize. For example of such plot see:

Also using histogram helps to see the quality of the output. (Some seeds on custom generators can lead to missing numbers or defective distribution)

Community
  • 1
  • 1
Spektre
  • 49,595
  • 11
  • 110
  • 380