The standard UNIX C library provides two random
number generators: `
rand( )`
and `
random( )`
. A third random number generator, `
drand48( )`
, is
available on some versions of UNIX. Although you won't want to use any of these routines
to produce cryptographic random numbers, we'll briefly explain each. Then, if you need to
use one of them for something else, you'll know something about its strengths and
shortcomings.

The original UNIX random number generator,
`
rand( )`
, is not a very good random
number generator. It uses a 32-bit seed and maintains a 32-bit internal state. The output of
the function is also 32 bits in length, making it a simple matter to determine the function's
internal state by examining the output. As a result, rand( ) is not very random. Furthermore,
the low-order bits of some implementations are not random at all, but flip back and forth
between 0 and 1 according to a regular pattern. The `
rand( )`
random number generator is
seeded with the function `
srand( )`
. On some versions of UNIX, a third function is provided,
`
rand_r( )`
, for multi threaded applications. (The function `
rand( )`
itself is not safe for multi-
threading, as it maintains internal state.)

Do not use `
rand( )`
, even for simple statistical
purposes.

The function
`
random( )`
is a more sophisticated random number generator which
uses nonlinear feedback and an internal table that is 124 bytes (992 bits) long. The function
returns random values that are 32 bits in length. All of the bits generated by `
random( )`
are
usable.

The `
random( )`
function is adequate for simulations and games, but should not be
used for security related applications such as picking cryptographic keys or simulating one-
time pads.

The function
`
drand48( )`
is one of many functions
which make up the System V random number generator. According to the Solaris documen-
tation, the algorithm uses "the well-known linear congruential algorithm and 48-bit integer
arithmetic." The function `
drand48( )`
returns a double-precision number that is greater or
equal to 0.0 and less than 1.0, while the `
lrand48( )`
and `
mrand48( )`
functions return random
numbers within a specified integer range. As with `
random( )`
, these functions provide excellent random numbers for simulations and games, but should not be used for security-related
applications such as picking cryptographic keys or simulating one-time pads; linear congruential algorithms are too easy to break.

There are many other random number generators. Some of them are
optimized for speed, while others are optimized for randomness. You
can find a list of other random number generators in Bruce Schneier's
excellent book, Applied Cryptography (John Wiley & Sons, Second
Edition, 1995).

Some versions of the
Linux operating system have carefully
thought out random number generators in their kernel, accessible
through the *
/dev/random*
and
*
/dev/urandom*
devices. We think that this
design is excellent-especially when the random number generators take
into account additional system states, user inputs, and "random"
external events to provide numbers that are "more" random.