by Leon Rosenshein

Random Is Hard

Not only are people bad at understanding random events, seeing patterns where they don't exist and not expecting things that they should, we (and the computers we use) are bad at generating random things. The best a computer can do is a Psuedo-random number and then calculate the next one from there. While people have done a good job of making sure the overall distribution of random numbers from these calculations are flat, we know, from the word calculation in that description, that given the same input you will get the same output. And that doesn't take into account the number of times that people try to roll their own. Unless you really know what you're doing and have a good reason to, don't do it. You'll just get it wrong.

Of course, in many cases reproducibility is a good thing. We do thousands of simulations a day, and while we expect variability, we need controlled variability so we can have reproducibility. On the other hand, If you're writing a black-jack game and someone can figure out the way you shuffle the deck and the order of the cards because they know the "seed" it doesn't matter how well distributed your random numbers are, they're not random.

Speaking of card games, just shuffling a deck is harder than you think. If you do it wrong then even if you have a perfectly flat distribution from your generator (or even a truly random generator) then you'll end up with a non-random distribution of cards. Kind of annoying if you're playing solitaire online, but imagine if you were a casino operator and someone figured out how to predict what the cards were going to do?

Random is hard and applications of random are even harder. Sometimes it really does matter how random your numbers are. So think about what you're doing and how you inject enough (but not too much) entropy into your system. Or, just build a wall of lava lamps and use that as the source.