Are random numbers on Mac truly random?
Here are very random thoughts on random number generators.
A random number is a number generated using a broad set of numbers and a mathematical algorithm that gives equal probability to all numbers occurring in the specified distribution. A random number generator (RNG) is a device that generates a sequence of numbers or symbols that cannot be reasonably predicted better than by a random chance.
I was working on a side project which involved generating random numbers. While I was writing a stress test case for it, I observed a pattern that all numbers were unique. To provide some context around the project, the programming language is C; the space of random numbers is from 0 to INT_MAX (2147483647 for 32 bits), and the OS is macOS Mojave for this particular project.
The uniqueness in random number generation looked like an error to me. One suspect was that I am only generating 1k numbers, and given the sample size is too big, the probability of repetition is negligible. So, I decided to generate 214748364 (INT_MAX/10) random numbers to verify my hypothesis.
I ran the same program on Ubuntu and macOS.
There were 214748364 unique numbers generated on macOS and 204364639 on Ubuntu 18.04. The observation means ~4.83% repetition on Ubuntu and no repetition on macOS, pointing out that there is some difference in the algorithms of two platforms(Linux and Unix). When I looked at the code for generating random numbers in macOS (https://opensource.apple.com/source/Libc/Libc-1353.11.2/stdlib/FreeBSD/rand.c), it took me by surprise. It is the most basic form of PRNG (Pseudo-random number generator).
As you can see, that generation of the next random number is dependent on the previous random number. The fact is not valid for Ubuntu. The random number generator is part of the kernel. Hence, the Linux distro is of less importance, be it Ubuntu, KaOS, Fedora, RedHat, etc. When I looked at the code for generating random numbers in Linux (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/random32.c?h=v5.7-rc3), I was again taken by surprise. It is a much-sophisticated algorithm, and no proper documentation was available to understand it. On a bit of googling, I found this research paper, https://eprint.iacr.org/2006/086.pdf (recommended read), which tries to ease the pain of understanding it.
As seen in the diagram, the entropy to generate randomness is based on a lot of factors like inputs and interrupts.
It is indeed impossible to generate truly random numbers, but it was my expectation from macOS that it will not reduce the space available to generate random numbers. Random numbers are essential in cryptography (https://www.commonlounge.com/discussion/481152258acb4003a5903d2fc1bc425f) and network security (https://blog.cloudflare.com/why-randomness-matters/). When our lives are becoming more and more online, I am not happy with this.
And here ends my random rant and facts.
