Expert: Narendra - 5/14/2004

Question
hello
Thank you very much for answer my question,I am really sorry for my english.
when we install an application, application make an random numbers which saved in windows register.
my quesion is how this number made, for example if I use this line in c :
srand(time(0))
x=rand(something)
it is not very difficult for hacers to guess it, and it is not secure to use time.
which ways is more secure to generate random numbers for software?
thank you agian

Answer
So, actually it is not a random number. It is pseudo random number!
As you said, if you know the working of the program, you can actually guess the number. It will be repeated in a sequence!
But, if the size is very large, then it will be difficult to guess the next number.
Also, it depends on the seed. If the seed is really random, then hackers will have hard time finding the number.
Say you seed is extracted using the current time as input, which keeps on changing every second!
And for security, the way they create random numbers and use is quite different than the traditional way of doing things. They use elliptic curves and use points on those curves, multiply them etc to get the accuracy and uniqueness!

Hope you understood what I tried to convey:-)

-ssnkumar