2

I'm in the rough stages of creating a Spades game and I'm having a hard time thinking up a cryptographically-secure way to shuffle the cards. So far, I have this:

  • Grab 32-bit system time before calling Random
  • Grab 32 bits from Random
  • Grab 32-bit system time after calling Random
  • Multiply the system times together bitwise and xor the two halves together
  • xor the 32 bits from Random with the value from the first xor, and call this the seed
  • Create a new Random using the seed

And basically from here I both save the 32-bit result from each Random instance and use it to seed the next instance until I get my desired amount of entropy. From here I create an alternating-step generator to produce the final 48-bit seed value I use for my final Random instance to shuffle the cards.

My question pertains to the portion before the alternating-step generator, but if not, since I'll be using a CSPRNG anyway would this algorithm be good enough?

Alternatively, would the final Random instance be absolutely necessary? Could I get away with grabbing six bits at a time off the ASG and taking the value mod 52?

Jeremy Brown
  • 45
  • 2
  • 6
    Not an answer, but if you need a cryptographically secure PRNG in Java, use SecureRandom. It is readily available and rarely requires any configuration - most JREs that I know of provide the SHA1PRNG algorithm out-of-the-box. – Vineet Reynolds May 23 '11 at 05:49
  • Just grab as much as you need from a crypto PRNG. No need to do such complicated stuff. – CodesInChaos May 23 '11 at 06:56
  • What do you mean with bitwise multiplication? A bitwise AND? – Maarten Bodewes May 23 '11 at 18:06
  • This question sounds like it's more about gathering entropy than shuffling. Why not just use /dev/urandom as an input for a cryptographically secure PRNG? – Nick Johnson May 29 '11 at 01:07

3 Answers3

3

No, it may be secure enough for your purposes, but it is certainly not cryptographically secure. On a fast system you may have two identical system times. On top of that, the multiplication will only remove entropy.

If you wan't, you can download the FIPS tests for RNG's and input a load of data using your RNG, then test it. Note that even I have trouble actually reading the documentation on the RNG tests, so be prepared to do some math.

All this while the Java platform already contains a secure PRNG (which is based on SHA1 and uses the RNG of the operating system as seed). The operating system almost certainly uses some time based information as seed, no need to input it yourself (of course you may always seed the system time if you really want to).

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
1

Sometimes the easy answer is the best one:

List<Card> deck; // Get this from whereever.
SecureRandom rnd = new SecureRandom();
java.util.Collections.shuffle(deck, rnd);
// deck is now securely shuffled!
Eadwacer
  • 1,138
  • 7
  • 10
0

You need a good shuffling algorithm and a way of gathering enough entropy to feed it so that it can theoretically cover all possible permutations for a deck of cards. See this earlier question: Commercial-grade randomization for Poker game

Community
  • 1
  • 1
crazyscot
  • 11,819
  • 2
  • 39
  • 40