

I need to generate a repeatable pseudo-random number that is dependent on the current time and a server secret.

For example, this mechanism should generate a new pseudo-random number every minute. The next minute's random number should not be easily predictable. Furthermore, I need to solve this in a stateless fashion (e.g., without storing a generated value in a database).

It is possible that a server node might be asked to create such a number multiple times within the same minute, and it needs to generate the same number each time. Also, multiple server nodes (with the same server secret) need to generate the same number within a given time frame. The purpose of all this is not related to solving a security problem (e.g. a token generator), so it's not strictly necessary to use cryptographically secure PRNGs.

Linear-congruential PRNGs produce repeatable series of numbers when initialized with the same seed, so I could seed the PRNG with the combination of time and server secret and get the first random number it produces to meet my criteria. However, this type of PRNG typically uses a simple formula of next = (current * multiplier + offset) & mask, and, given a few known times and corresponding random numbers, it seems like it would be not all that hard to figure out the server secret (and then predict all future numbers in advance).
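As an added example (not the asker's code), the following shows the seeded-LCG construction the question describes next to a keyed-PRF variant (HMAC-SHA256 over the minute index) that satisfies the same stateless, multi-node, same-minute determinism requirements while not exposing the secret through a linear update formula. The LCG constants, the sample secret and the timestamp are constructed for illustration.

```python
"""Per-minute number derived from (time, server secret): LCG vs keyed PRF.
Added example; constants and the sample secret are constructed."""
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed sample, not a real secret

# Parameters of a 32-bit LCG (constructed for illustration).
MULTIPLIER = 1103515245
OFFSET = 12345
MASK = 0xFFFFFFFF


def minute_bucket(unix_time: float) -> int:
    """Map a timestamp to its minute index so every call in one minute agrees."""
    return int(unix_time) // 60


def lcg_number(unix_time: float, secret: bytes) -> int:
    """The construction from the question: seed an LCG with (minute, secret) and
    return its first output. Deterministic and stateless, and identical across
    nodes sharing the secret, but the update is linear, which is the
    predictability concern the question raises."""
    secret_int = int.from_bytes(hashlib.sha256(secret).digest()[:4], "big")
    seed = (minute_bucket(unix_time) ^ secret_int) & MASK
    return (seed * MULTIPLIER + OFFSET) & MASK


def prf_number(unix_time: float, secret: bytes, bits: int = 32) -> int:
    """Keyed-PRF alternative: HMAC-SHA256 over the minute index, truncated to
    `bits`. Same determinism properties; values for other minutes cannot be
    computed from observed outputs without the secret."""
    msg = minute_bucket(unix_time).to_bytes(8, "big")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[: bits // 8], "big")


if __name__ == "__main__":
    t = 1_700_000_040  # constructed timestamp on a minute boundary
    # Two calls within the same minute (or two nodes) agree.
    assert lcg_number(t, SECRET) == lcg_number(t + 59, SECRET)
    assert prf_number(t, SECRET) == prf_number(t + 59, SECRET)
    # The next minute yields a different value.
    assert prf_number(t, SECRET) != prf_number(t + 60, SECRET)
    print(lcg_number(t, SECRET), prf_number(t, SECRET))
```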
