Better seeds than time(0)?

挽巷 2021-01-02 08:06

I understand that time(0) is commonly used for seeding random number generators and that it only becomes a problem when the program is being run more than once per second.

11 Answers
  • 2021-01-02 08:56

    On Unix, try reading from /dev/random. Reading from this device is slow, so don't do it too often, e.g. only to set the initial seed. The random device gets data from hardware-generated entropy (environmental noise from devices) and there's no endless amount of it available for a given time period. If you run out of entropy, SSL libraries may fail. Entropy refills after some time (actually it's a pool of entropy). There's also urandom, AFAIK, which is more economic but less random and won't block in low-entropy conditions.

  • 2021-01-02 08:57

    On unix systems, you could take a few bytes from /dev/random as a seed for your RNG. /dev/random is supposed to be very good random, using the different entropy sources available on a PC. Of course, this is completely implementation-dependent.

    One case in which this could be useful is for cryptographic applications, since time(0) is relatively easy to guess.

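The two answers above both suggest taking a few bytes from a random device as the seed. The following is an added example, not code from any answer on this page: it reads the seed from /dev/urandom (the non-blocking device the first answer mentions), handles short and interrupted reads, and shows that two runs sharing the same time(0) value produce the same sequence. The function names `seed_from_device` and `first_output` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <unistd.h>

/* Fill *seed with sizeof(*seed) bytes from the device at `path`.
 * Returns 0 on success, -1 if the device cannot be opened or read. */
int seed_from_device(const char *path, unsigned int *seed)
{
    unsigned char *p = (unsigned char *)seed;
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    while (got < sizeof *seed) {
        ssize_t n = read(fd, p + got, sizeof *seed - got);
        if (n > 0)
            got += (size_t)n;          /* short reads are legal: keep going */
        else if (n < 0 && errno == EINTR)
            continue;                  /* interrupted by a signal: retry */
        else
            break;                     /* EOF or hard error */
    }
    close(fd);
    return got == sizeof *seed ? 0 : -1;
}

/* First rand() output after seeding with `seed`. */
int first_output(unsigned int seed)
{
    srand(seed);
    return rand();
}

int main(void)
{
    unsigned int t = (unsigned int)time(0), s;
    /* Two runs in the same second share time(0), so they share a sequence. */
    printf("time seed, run A: %d\n", first_output(t));
    printf("time seed, run B: %d\n", first_output(t));
    if (seed_from_device("/dev/urandom", &s) != 0) {
        fprintf(stderr, "no random device, falling back to time(0)\n");
        s = t;
    }
    printf("device seed:      %d\n", first_output(s));
    return 0;
}
```

For keys or tokens, use the bytes read from the device directly rather than rand() output, since rand()'s sequence is fully determined by its seed.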
  • 2021-01-02 09:08

    There is a web service that offers free and paid "true" random bits generated from atmospheric noise: http://www.random.org/

    Wired ran an article on two guys who used basically the noise from a webcam CCD chip to generate random numbers: http://www.wired.com/wired/archive/11.08/random.html

  • 2021-01-02 09:09

    Some early hacks of Netscape security centered around knowing when an encrypted packet was sent and narrowing down the possible range of seeds with that knowledge. So, getting a tick count or something else even remotely deterministic is not your best bet.

    Even using a seed, the sequence of "random" numbers is deterministic based on that seed. A Nevada Gaming Commission investigator realized this about certain slots he was supposed to inspect and used that knowledge to earn quite a bit of money before being caught.

    If you need world-class randomness, you can add hardware to your system that provides for a highly randomized number. That's how the well-known poker sites do it (at least, that's what they say).

    Short of that, combine a number of factors from your system that all change independently and rapidly, with as little predictability as possible, to create a very decent seed. An answer to a related post on SO suggested using Guid.NewGuid().GetHashCode(). Since a Guid is based on a number of deterministic factors including the time, that does not form a good basis for a seed:

    Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random, given the initial state one can predict up to the next 250 000 GUIDs returned by the function UuidCreate[2]. This is why GUIDs should not be used in cryptography, e.g., as random keys.

    Source: Wikipedia Globally Unique Identifier

  • 2021-01-02 09:10

    You can store random seed on program exit and load it on start, so you'll need to initialize your RNG with time(0) only on first program start.
