
Why use Float(arc4random()) / 0xFFFFFFFF instead of drand()

Question:

I'm new to Swift and just saw this code used to generate a random angle degree in a tutorial.

    func random() -> CGFloat {
        return CGFloat(Float(arc4random()) / 0xFFFFFFFF)
    }

    func random(#min: CGFloat, max: CGFloat) -> CGFloat {
        return random() * (max - min) + min
    }

I'm wondering: does the line return CGFloat(Float(arc4random()) / 0xFFFFFFFF) generate a random float number between 0 and 1.0? Then why not just use drand()? Is there any difference between the two functions? Thanks!

Answer1:

drand48() is fine for lots of applications, but is insecure (in other words, predictable). arc4random(), while <a href="https://en.wikipedia.org/wiki/RC4" rel="nofollow">not perfect</a>, was designed with security in mind.

I think Apple pushes people to arc4random() because of that. So, to answer your question: if you are generating random numbers to simulate something, drand48 should be fine, but if you are generating random numbers to protect something, then use arc4random() (or something even more secure like SecRandomCopyBytes()).

<hr />

From ONLamp's <a href="http://www.onlamp.com/pub/a/onlamp/excerpt/PUIS3_chap16/index4.html?page=2" rel="nofollow">Secure Programming Techniques</a>:

<blockquote> <h3>drand48( ), lrand48( ), and mrand48( )</h3>

The drand48( ) function is one of many functions that make up the System V random number generator. According to the Solaris documentation, the algorithm uses "the well-known linear congruential algorithm and 48-bit integer arithmetic." The function drand48( ) returns a double-precision number that is greater than or equal to 0.0 and less than 1.0, while the lrand48( ) and mrand48( ) functions return random numbers within a specified integer range. As with random( ), these functions provide excellent random numbers for simulations and games, but should not be used for security-related applications such as picking cryptographic keys or simulating one-time pads; linear congruential algorithms are too easy to break.

</blockquote>
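An added example, not part of the original answer or the quoted book: a C model of the drand48() recurrence as POSIX specifies it (48-bit state, multiplier 0x5DEECE66D, increment 0xB), showing that one returned value carries the generator's entire state, so every later value is determined by it. The function names and the seed 2024 are hypothetical, constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LCG_A    0x5DEECE66DULL        /* multiplier specified for drand48() */
#define LCG_C    0xBULL                /* increment specified for drand48() */
#define LCG_MASK ((1ULL << 48) - 1)    /* arithmetic is modulo 2^48 */
#define TWO_48   281474976710656.0     /* 2^48 as a double */

/* State after srand48(seed): seed in the high 32 bits, 0x330E in the low 16. */
static uint64_t model_seed(uint32_t seed) {
    return ((uint64_t)seed << 16) | 0x330EULL;
}

/* One step of the recurrence; the result is state / 2^48, in [0, 1). */
static double model_next(uint64_t *state) {
    /* uint64_t wraps modulo 2^64, which keeps the low 48 bits correct */
    *state = (LCG_A * *state + LCG_C) & LCG_MASK;
    return (double)*state / TWO_48;
}

/* A double has 53 mantissa bits, so the 48-bit state survives the division. */
static uint64_t state_from_output(double out) {
    return (uint64_t)(out * TWO_48);
}

/* Counts how many of the next n outputs are reproduced from one observed value. */
static int predicted_matches(uint32_t seed, int n) {
    uint64_t gen = model_seed(seed);
    double observed = model_next(&gen);           /* the only value an observer sees */
    uint64_t copy = state_from_output(observed);  /* observer's copy of the state */
    int hits = 0;
    for (int i = 0; i < n; i++)
        hits += (model_next(&gen) == model_next(&copy));
    return hits;
}

int main(void) {
    /* 2024 is a constructed sample seed */
    printf("%d of 1000 later outputs reproduced\n", predicted_matches(2024u, 1000));
    return 0;
}
```

This is the property that makes the generator acceptable for simulations and unsuitable for keys or tokens: there is no hidden state left once an output is known.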
