0

I'm new to C and making a simple blackjack console app. When drawing a new card, I use the srand function to determine what card is pulled. The cards are random, but it's very predictable... For example, if a 2 is pulled, I know the other card will be a King. It follows that pattern on every single card. So I was curious, is there a way to make it less predictable? Or is this just C being C?

Here's my code:

int lower = 1;                                    // Lowest number for the RNG
int upper = 13;                                   // Highest number for the RNG
srand(time(NULL));                                // srand to actually randomize the numbers generated
int rng = (rand() % (upper - lower + 1)) + lower; // Randomly generated number
ThatGhostToast
  • 33
  • 3
  • 3
    Yes, by moving `srand(time(NULL));` to the beginning of `main`. Call it once only. If you want a random number you just call `rand`. But you didn't post enough code to be certain that it is a FAQ [duplicate Q](https://stackoverflow.com/questions/7343833/srand-why-call-it-only-once). – Weather Vane Nov 09 '22 at 18:26
  • Even with that fix, it's very poorly seeded (someone could guess the value returned by `time(NULL)`, and thus predict the numbers that will be generated). Even if you fix that problem too, there's no guarantee that's it's strong enough for encryption. If there's money on the line, you don't want `rand`. – ikegami Nov 09 '22 at 18:34
  • An alternative to using `srand` (which generates pseudo-random numbers) is to use `std::random_device` https://en.cppreference.com/w/cpp/numeric/random/random_device – ChrisSc Nov 09 '22 at 18:35
  • People often mention that `rand` isn't very random, but it is useful to get different values for a card game, hang man etc. Use the appropriate tool for the job. – Weather Vane Nov 09 '22 at 18:35
  • @Weather Vane, You seem to have stopped reading prematurely. I said it's not appropriate *if there's money on the line*. – ikegami Nov 09 '22 at 18:36
  • @ikegami was that the edit after I read it? They would have to know the particular implementation of `rand` *and* how it was seeded, or spend a lot of money finding a pattern. – Weather Vane Nov 09 '22 at 18:37
  • @Weather Vane, Re "*was that the edit?*", No, I added the mention of the bad seed. // Re "*they would have to know the particular implementation of rand*", Chances are this is trivially easy. And it's not even true this is needed. – ikegami Nov 09 '22 at 18:41
  • @ikegami for student questions posted here, how likely is that? – Weather Vane Nov 09 '22 at 18:42
  • @Weather Vane, Fairly. I've seen rand used inappropriately repeatedly. – ikegami Nov 09 '22 at 18:43
  • @ikegami perhaps, but almost every time someone asks about `rand` out come the same old "how bad is that", "don't trust that", "don't encrypt with that" comments. It's just a useful PRNG, and users can make their own. *Why* would a serious encrypter even think of using `rand`? If they are going to use that the encryption is probably weak anyway. – Weather Vane Nov 09 '22 at 18:44
  • Depending on the platform, one good way of getting some random values, is reading from the `/dev/random` or `/dev/urandom` devices. – Cheatah Nov 09 '22 at 19:08
  • @Weather Vane, Re "*"how bad is that"*", No one said that (I think. I don't even know what that means.) // Re "*"don't trust that",*" No one said that. // Re "*It's just a useful PRNG*", Of course it can be. (It is? was? notoriously bad on Windows even for casual uses.) My first comment implies as much. // Re "*If they are going to use that the encryption is probably weak anyway*", huh, that's no reason to avoid telling people to use rand for encryption. Besides, I've seen rand used with AES. // This last comment gives me the feeling I get is that you're now arguing for the sake of arguing. – ikegami Nov 09 '22 at 19:27
  • @ikegami not really. It was a response to the mantra. The same happens when a student asks about `scanf` and people might say "don't use `scanf`" and in some cases it really *isn't* the right solution, but the student isn't helped by saying "don't use it" when the task requires them to learn how to use it. Similarly here, although the caveat is good. – Weather Vane Nov 09 '22 at 19:33
  • @Weather Vane, Your endless pretending that I said "don't use rand" is getting tiresome – ikegami Nov 09 '22 at 19:33
  • 1
    Sorry, I did not repeat that, but I will let you have the last word. – Weather Vane Nov 09 '22 at 19:34

0 Answers0