on the prng behind random.random()
Dennis Lee Bieber <wlfraed at ix.netcom.com> writes:
> On Mon, 19 Nov 2018 19:05:44 -0200, Robert Girault <r at dev.null> declaimed
> the following:
>>I mean the fact that with 624 samples from the generator, you can
>>determine the rest of the sequence completely.
> Being able to predict the sequence after a large sampling does not mean
> that the /distribution of values/ is not (pseudo-) random.
The problem with determining its sequence is that it might defeat its
purpose. If you use mt19937 to select a pivot in random Quicksort for
example (where you plan to spend n lg n time in sorting), we can
frustrate your plans and force it into n^2 every time, an effective DoS
attack on your software.
> After all, pretty much all random number generators will produce the
> same sequence if given the same starting seed... You are, in effect,
> treating your 624 samples as a very large seed...
I think I disagree with your take here. With mt19937, given ANY seed, I
can eventually predict all the sequence without having to query the
oracle any further.
If you're just writing a toy software, even K&R PRNG works just fine.
If you're writing a weather simulation, I suppose you need real
random-like properties and still need your generator to be reproducible.
If you're using random Quicksort, you do need unpredictability and
reproducibility. If you're writing a crypto application, then you need
something way stronger. We need all of them. But mt19937 is now useful
only in toy software.