I know that it is encouraged to use mt_rand() over rand() because it uses the Mersenne Twister over whatever PRNG rand() uses, but here's something that never seems to be factored in: user activity.

In fact, the actions of users can be considered pretty random. For instance, at any given moment, there might be a 4% chance a user might trigger a rand() call for one feature, an 8% chance of a user triggering three rand() calls and a shuffle(), a 20% chance of a user triggering two rand() calls, and every time a user loads a page the PRNG advances by one.

After all, isn't NPC movement what makes RNG-abuse in Pokémon games so frustrating?

So, bearing in mind that, while rand() does have its patterns, is the randomness of the users' activities and the variety of uses of rand() enough to make rand()'s shortcomings irrelevant? In absolute terms, mt_rand() is "more random". But how does this compare to the entropy of the human element?

Niet the Dark Absol
  • Let's make this philosophical: humans might not have free will, in which case human action is deterministic and not random at all ;) – Lusitanian Jan 09 '13 at 20:52
  • I think this is an interesting question, however I do not feel it's a good fit for the SO format. But hey, you're the one with 67k rep. :) – Madbreaks Jan 09 '13 at 20:54
  • Depends on usage. The MT variant isn't advised for cryptographically strong randomness[(1)](http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html), it's not a complex algorithm really[(2)](http://en.wikipedia.org/wiki/Mersenne_twister). And if you just want to randomly change background images or display popups etc., it doesn't really matter how super random the results are. Hence why e.g. openssl comes with a custom generator. – mario Jan 09 '13 at 20:54
  • Non-deterministic is not the same as random, @Lusitanian. In other words, even if we have free will, our actions are not random. – markus Jan 09 '13 at 20:56
  • @Lusitanian - Well, in that case random might as well only be a false impression of destiny, and nothing may be random at all. – Daniel Jan 09 '13 at 20:57
  • @markus-tharkun 'tis true, _arguably_. some philosophers would disagree as it pertains to human behavior. regardless, kind of a silly conversation to have here. – Lusitanian Jan 09 '13 at 20:58
  • I might even say that without free will, randomness would play a larger role in how we act than with free will. – markus Jan 09 '13 at 20:58
  • @Daniel Quantum theory would allow for (actually require) some randomness in the universe :) – Lusitanian Jan 09 '13 at 20:59
  • I had to read this a few times to arrive at what I think is the question: "If a human can't tell by eye that `rand()` isn't random.. is it really random enough?". Yes? – Mike B Jan 09 '13 at 20:59
  • This could equally be categorised as discursive, or having a specific answer. I veer to the latter, and it is asked well, so voting to reopen. – halfer Jan 09 '13 at 21:02
  • @halfer Help me out.. what's an example answer for this question? – Mike B Jan 09 '13 at 21:04
  • @MikeB - I'm not an expert in this area, but it would compare the quality of randomness of the two algorithms. I presume they are documented somewhere - if only in the code itself - and there should be a specific reason why the Mersenne Twister RNG was added to PHP. If that reason was "it's better", then someone here may know _why_ that is the case. But, I understand the objections about philosophical points `:)` – halfer Jan 09 '13 at 21:08
  • @halfer Because that's been covered before http://stackoverflow.com/questions/11528027/if-phps-mt-rand-uses-a-faster-algorithm-than-rand-why-not-just-change-rand ... a lot – Mike B Jan 09 '13 at 21:08
  • @Kolink here is an interesting answer related to your question: http://programmers.stackexchange.com/questions/76229/predicting-the-output-of-phps-rand – pzirkind Jan 09 '13 at 21:10
  • Mmm, that doesn't seem a direct dup, but I do take your point. I'd rather this was closed as _Exact Duplicate_ however if that was the real objection. – halfer Jan 09 '13 at 21:11
  • @halfer: How in heaven could this have "a specific answer"? – Lightness Races in Orbit Jan 09 '13 at 21:36
  • Take a look here http://stackoverflow.com/questions/12729459/is-it-possible-to-predict-rand0-10-in-php/12729689#12729689 – Luca Rainone Jan 09 '13 at 21:39

2 Answers

If you assume calls to rand() are generated by human users at random times then I guess your logic is correct.

However imagine a bot that sends the same requests every X seconds (at night hours not interrupted by human calls) or a simple script that runs for a given amount of time and runs rand() one by one. Then you cannot fully depend on randomness.

Comment from php.net:

Note that the automatic seeding seems to be done with the current number of seconds which means you can get the same results for several runs on a fast server. Either call srand() yourself with a more frequently changing seed or use mt_rand() which doesn't appear to suffer from the problem.

fsw
  • I understand that, but considering there is never nobody online, there will never be any opportunity for a bot to get some random values uninterrupted. And wouldn't it also rely on knowledge of how the code works? How would the bot know the difference between `rand(0,10)` and `sqrt(rand(0,100))`? – Niet the Dark Absol Jan 09 '13 at 21:50
  • Probably he wouldn't. And probably he also wouldn't know the difference if you would use "mtime() modulo 10". If by "random" you mean some number between 1 and 10 then there is no big difference in the method you use. But if you want to generate millions of random numbers and you want their cumulative distribution to act like it should for random numbers coz you want it to be statistically random so patterns won't emerge in your cryptographic algorithm blah blah blah... I think what you are asking for is why (pseudo)random numbers are important and it is pure Math not very related to php and rand() – fsw Jan 09 '13 at 22:14

But how does this compare to the entropy of the human element?

I imagine this scenario:

  • A game with some thousands of users.
  • For some reason, every X minutes, you should set a random value for each user (given in the same order every time)

Due to a pseudo-random function, it is more probable that user XXX and user YYY always have the same distance, because one of the problems of pseudo-random is that an area can be "more" predictable after a sufficient number of cycles.

Luca Rainone
  • But what if new users join in the order? Even if the order stays the same, the length would change. – Niet the Dark Absol Jan 09 '13 at 21:50
  • It's like an abstract picture: it seems "random" but you can predict the brush direction. No matter if the picture tomorrow is bigger. So, especially in a game, trusting an "untrusted" random function is dangerous – Luca Rainone Jan 09 '13 at 21:53
  • See this (it is not a duplicate question, but it can give you the idea) http://stackoverflow.com/questions/12729459/is-it-possible-to-predict-rand0-10-in-php/12729689#12729689 – Luca Rainone Jan 09 '13 at 21:55
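
An added illustration, not code from any poster in this thread, of the php.net seeding note quoted in the first answer and the ordering point in the second: once the seed is fixed, other users' calls only change which position of a fixed stream you read. The function names, the seed and the skip counts are constructed for the example.

```php
<?php
declare(strict_types=1);

// Our draws when other users burn $skips[$i] outputs before our i-th call.
// Returns stream position => value for the values we received.
function draws_between_other_users(int $seed, array $skips): array
{
    mt_srand($seed);
    $pos = 0;
    $draws = [];
    foreach ($skips as $skip) {
        for ($k = 0; $k < $skip; $k++) {   // other users' calls advance the PRNG
            mt_rand(0, 10);
            $pos++;
        }
        $draws[$pos] = mt_rand(0, 10);      // our call
        $pos++;
    }
    return $draws;
}

// The stream the same seed produces with nobody else around.
function raw_stream(int $seed, int $length): array
{
    mt_srand($seed);
    $stream = [];
    for ($i = 0; $i < $length; $i++) {
        $stream[] = mt_rand(0, 10);
    }
    return $stream;
}

$seed   = 1357765200;             // constructed: a whole-second Unix timestamp
$skips  = [3, 0, 7, 1, 12, 4];    // constructed: "random" user activity
$draws  = draws_between_other_users($seed, $skips);
$stream = raw_stream($seed, array_sum($skips) + count($skips));

// Each value we saw is an element of the fixed stream: user activity picked
// the index, it added no randomness to the value found there.
foreach ($draws as $pos => $value) {
    if ($value !== $stream[$pos]) {
        throw new RuntimeException("draw at position $pos is not in the stream");
    }
}
echo count($draws), " draws, all present in the seeded stream\n";

// Two processes seeded within the same second start out identical.
var_dump(raw_stream($seed, 5) === raw_stream($seed, 5));

// Where a value must not be guessable, use the CSPRNG, which takes no seed.
echo random_int(0, 10), "\n";
```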