← Back to Topics

RNG Security and Quality

Comments focus on the differences between PRNGs, CSPRNGs, and TRNGs, criticizing insecure implementations like Math.random() or rand(), and advocating for cryptographically secure random number generators in programming.

➡️ Stable 0.5x Security

5,442

Comments

20

Years Active

5

Top Authors

#1515

Topic ID

Activity Over Time

2007

5

2008

33

2009

89

2010

57

2011

113

2012

113

2013

357

2014

353

2015

510

2016

257

2017

350

2018

267

2019

320

2020

429

2021

477

2022

359

2023

447

2024

473

2025

429

2026

4

Top Contributors

tptacek (143) loeg (35) Dylan16807 (31) FabHK (28) rurban (27)

Keywords

e.g PHP TL RNG OK RANDOM rngs.html QuickCheck TRNG ycombinator.com random generator random number number seed cryptographically statistical randomness numbers outputs

Sample Comments

zokier • Sep 19, 2017 • View on HN

Better moral is that humans are bad at generating randomness, use CSPRNG.

wbl • Oct 24, 2017 • View on HN

You could just use a better RNG in the first place.

DerpDerpDerp • Feb 10, 2014 • View on HN

This is one of those times you'd really want to use an actual random number generator, rather than a pseudo-random number generator.

shaky-carrousel • Jan 17, 2024 • View on HN

Wouldn't that mess with RNGs?

zokier • Sep 6, 2009 • View on HN

I would like to see the code that breaks if PRNG is swapped. I mean, like is there code out there that relies on the unrandomness of current rand?

astrobe_ • Jan 16, 2022 • View on HN

So, it's like TRNG versus PRNG ;-)

alexjeffrey • Nov 19, 2014 • View on HN

a cryptographically secure pseudorandom number generator would be nice, too.

petrosagg • Jun 13, 2014 • View on HN

Given that it's a two year old post they may have changed their PRNG.

alfiedotwtf • Sep 6, 2022 • View on HN

... just don't use their random number generator!

rthille • Apr 9, 2016 • View on HN

Could be actual random data is used, rather than a PRNG