by cdavidcash
5717 days ago
It's the most counter-intuitive thing in the world that rand() * rand() is less secure than rand(); shouldn't it be twice as unpredictable? Under some reasonable assumptions, rand() + rand() mod 1 is twice as random! If both calls return independent samples, and at least one of the calls to rand() returns a uniform sample in [0,1], then the sum will be uniform on [0,1]. So if you assume you get at least one good shot and that the other is not specifically correlated to it, you'll be improving your randomness.

This is used to get more randomness from a not-so-random source.
Just an example. If our rand() returns 0 two thirds of the time and 1 one third of the time, our rand() + rand() mod 2 will return:
0 + 0 mod 2 = 0: 2/3 × 2/3 = 4/9 of the time,
1 + 0 mod 2 = 1: 1/3 × 2/3 = 2/9 of the time,
0 + 1 mod 2 = 1: 2/3 × 1/3 = 2/9 of the time, and
1 + 1 mod 2 = 0: 1/3 × 1/3 = 1/9 of the time.
So we will get 0 5/9 of the time and 1 4/9 of the time. Now we have a random source that is much more uniform.
I think it is possible to obtain random bits even from a source with correlated samples.
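An added worked example, not part of either comment above: it computes the exact output distribution of summing independent draws mod m, which is the XOR-of-bits case from the reply (m = 2) and a discrete analogue of the "rand() + rand() mod 1" case from the first comment (uniform operand plus anything gives uniform). It also checks the closed form for how fast the bias of an n-way XOR shrinks, and models the caveat both comments rely on: the gain only holds when the two draws are independent. The biased source (P(0) = 2/3, P(1) = 1/3) is the reply's constructed one; the copy-with-probability-rho correlation model is an assumption of this example, not something either commenter wrote.

```python
from fractions import Fraction

# Constructed biased bit source from the reply above: P(0) = 2/3, P(1) = 1/3.
BIASED = {0: Fraction(2, 3), 1: Fraction(1, 3)}


def sum_mod_distribution(dists, m):
    """Exact distribution of (x_1 + ... + x_n) mod m for independent draws
    x_i ~ dists[i], each a dict mapping residues 0..m-1 to probabilities.
    m = 2 is the XOR of bits from the reply; larger m is the discrete
    analogue of "rand() + rand() mod 1" from the first comment."""
    out = {0: Fraction(1)}          # the empty sum is 0 with certainty
    for dist in dists:
        nxt = {r: Fraction(0) for r in range(m)}
        for acc, p_acc in out.items():
            for v, p_v in dist.items():
                nxt[(acc + v) % m] += p_acc * p_v
        out = nxt
    return out


def uniform_distribution(m):
    """The genuinely uniform source: every residue mod m with probability 1/m."""
    return {r: Fraction(1, m) for r in range(m)}


def is_uniform(dist, m):
    return all(dist.get(r, Fraction(0)) == Fraction(1, m) for r in range(m))


def bias(dist):
    """|P(1) - 1/2| for a bit distribution; 0 means a perfectly uniform bit."""
    return abs(dist.get(1, Fraction(0)) - Fraction(1, 2))


def piling_up_bias(dist, n):
    """Closed form (Matsui's piling-up lemma): the XOR of n independent bits
    with bias e each has bias 2^(n-1) * e^n, so the bias shrinks geometrically
    in n but never reaches exactly zero for a biased source."""
    return Fraction(2) ** (n - 1) * bias(dist) ** n


def xor_two_correlated(dist, rho):
    """XOR of two draws where the second is NOT independent: with probability
    rho it is a copy of the first, otherwise a fresh independent draw.
    rho = 0 is the independent case; rho = 1 is two calls that hand back the
    same sample. (This correlation model is an assumption of the example.)"""
    out = {0: Fraction(0), 1: Fraction(0)}
    for b1, p1 in dist.items():
        out[0] += p1 * rho                      # copied bit: b1 ^ b1 == 0
        for b2, p2 in dist.items():
            out[b1 ^ b2] += p1 * (1 - rho) * p2  # independent branch
    return out


if __name__ == "__main__":
    # Reply's example (n = 2) and how the bias keeps shrinking with more draws.
    for n in (1, 2, 4, 8):
        d = sum_mod_distribution([BIASED] * n, 2)
        print(f"XOR of {n} draws: P(0)={d[0]}, P(1)={d[1]}, bias={bias(d)}")
        assert bias(d) == piling_up_bias(BIASED, n)

    # First comment's claim in discrete form: one uniform operand is enough.
    m = 4
    skewed = {0: Fraction(1, 2), 1: Fraction(1, 2), 2: Fraction(0), 3: Fraction(0)}
    print("uniform + skewed mod 4:",
          sum_mod_distribution([uniform_distribution(m), skewed], m))

    # The caveat: correlation between the two calls destroys the gain.
    for rho in (Fraction(0), Fraction(1, 2), Fraction(1)):
        print(f"rho={rho}: {xor_two_correlated(BIASED, rho)}")
```

With the reply's source the XOR of two draws gives P(1) = 4/9 (bias 1/18), four draws give 40/81 (bias 1/162), and the bias halves faster than that with every additional draw, matching the piling-up formula exactly. The last loop is the part a practitioner should keep in mind: at rho = 1 the "two" calls return the same sample and the XOR is 0 every time, so combining outputs of one poor generator with itself, or with something derived from it, can make things strictly worse rather than better.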