Instantly share code, notes, and snippets.

Embed
What would you like to do?
Random Sanity for specific languages

The standard library of every programming language has at least one pseudo-random number generator. C has rand(), Javascript has math.Random()... and if you're writing code that needs good randomness you shouldn't use those.

There could be a series of github projects that generate bad random datastreams using those old, deprecated generators and "typical" starting seeds (e.g. 0, current Unix time, small integers that might be process ids) and feeds the results in to the rest.randomsanity.org database.

That only does some good if programmers start inserting checks to randomsanity.org into their C or Javascript applications... and if they don't know enough to use RAND_bytes() or crypto.RandomBytes() they aren't going to make a REST request to check their randomness.

The only exception I can think of is if their code has a development mode that uses a fixed seed for an otherwise good PRNG, and they forget to flip the switch to use a good seed before deploying to production.

In any case, it won't hurt to seed the database with bad randomness. Just don't go crazy, you'll get rate-limited if you make too many requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment