GNOME Bugzilla – Bug 533779
[Win32] Random numbers trivially predictable.
Last modified: 2010-08-07 00:40:18 UTC
Please describe the problem: random_01 tries to open the file specified by RA NDOM_DEVICE, which is simply defined to be "/dev/urandom" and falls back to pseudorandom numbers if this is not available, which it isn't under windows. Then if the Environment variable GNUMERIC_PRNG_SEED is unset, it will always use the same seed. Steps to reproduce: 1. use any function requiring random numbers in the windows port Actual results: I believe pseudo random numbers are used with the same seed. Each time the sheet is opened you get the same random numbers. I'm sorry I haven't tested it yet. Expected results: Actual random numbers. Does this happen every time? untested. Sorry. Other information:
http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx Seems like the thing to implement at first look.
Created attachment 111216 [details] predicts the random numbers that will be displayed.
I love bugzilla, completely deleted without a trace the lengthy report I wrote with that attachment. Tested on WinXP Pro with sp2. 1.9.1 exe binary from the gnumeric website. every time that sheet is opened in the win32 1.9.1 gnumeric the random numbers are the same. I believe there are two issues here. One is not using "crypto quality" random numbers. The other is using numbers that are not totally 100% predictable every time. The latter can be solved by using some bits from the time to seed the pseudo random number generator rather than an constant value.
> every time that sheet is opened in the win32 1.9.1 gnumeric the random numbers > are the same. There are two schools here: those who want unpredictability [crypto-quality] and those who explicitly want predictability and repeatability. The latter people want repeatability of their simulations. So predictability is a desired feature. The only problem is that the Win32 build does not offer the access to the truly random stuff. I don't see who would benefit from having a few bits of entropy from time().
I would have thought if one needs predictability to make a simulation repeatable one has another problem ;). There's an environment variable to specify a seed, this gives such predictability to random numbers to those who want them. One use case of some extra entropy from time was the professor who emailed our list because he thought his students were all cheating when they all had the same numbers having done a paste special. There are plenty of other times where one doesn't really care if a feral blackhat can work it out by busting out his "extreme maths" but you don't necessarily want it predictable by any joker in 2 seconds without even knowing what they're doing. Yes, crypto strength is awesome. If you say there are reasons to have it completely predictable, I'll believe you even if I don't see them right now. I maintain a decent appearance of random is also useful.
I don't think there is really a conflict here: If GNUMERIC_PRNG_SEED is set to a value we should have repeatable pseudo-random numbers. If GNUMERIC_PRNG_SEED is not set, then on Linux we have pretty good random numbers. Currently on windows one gets repeatable random numbers. While I agree that a lit bit of entropy by setting the seed via time or so isn't really helpful it may at least make the random numbers look random and for a Windows user that may all that is desired ;-)
This problem has been fixed in our software repository. The fix will go into the next software release. Thank you for your bug report.