0

I have to select a random number (between 3-300) that is provably not manipulating by me. I know I can use A= HMAC(B,C) but I want to know other methods. Are there any way different?

Lazy
  • 1,807
  • 4
  • 29
  • 49
  • http://crypto.stackexchange.com/questions/8112/is-this-scheme-a-provably-fair-random-number-generation – Scott Solmer Oct 16 '14 at 15:27
  • What's wrong with `Math.random()`? – Barmar Oct 16 '14 at 15:32
  • 1
    Whom do you need convince your numbers are random? A code reviewer/auditor? Or an end user? – Patrick M Oct 16 '14 at 16:54
  • What do you mean with "between 3-300", do you mean a range of [3..300] or [4..299]. In other words, should it be possible to return 3 or 300? – Maarten Bodewes Oct 16 '14 at 19:54
  • @Patrick, they are end users, of a browser game. – Lazy Oct 16 '14 at 20:48
  • @owistead, it was just an example. I just want to know methods. – Lazy Oct 16 '14 at 20:49
  • What about [`getRandomNumber() { return 4; }`](http://xkcd.com/221/). Currently it fits your description. In other words, you should clearly describe your requirements. I want to give you a better answer, but you are not replying to my comments to clarify your question. – Maarten Bodewes Oct 16 '14 at 21:09
  • 1
    @Lazy then you are out of luck. Even if you open source your code, there is no mechanism you can provide to a client that doesn't boil down to some level of them *trusting* you. Unless you give all users root access to your servers, shortly after which a secure random number generator will be the least of your problems... – Patrick M Oct 16 '14 at 21:12
  • @PatrickM Some sites mix a high entropy source on the server with a low entropy source on the browser (e.g. mouse movements). That may come close, but it is a tricky scheme to implement (especially on tablets :P). Also note [this experimental API](https://developer.mozilla.org/en-US/docs/Web/API/RandomSource.getRandomValues). But that still requires that the clients can read JavaScript - you can change the JS on the server without their knowledge... So even these tricks won't help much. – Maarten Bodewes Oct 16 '14 at 21:15
  • It sounds like you are looking for a [nothing-up-my-sleeve number](http://en.wikipedia.org/wiki/Nothing_up_my_sleeve_number) – President James K. Polk Oct 18 '14 at 23:27

0 Answers0