In article <20030122034335.GA10142 / debian>,
Sam Roberts  <sroberts / uniserve.com> wrote:
>Quoteing ptkwt / shell1.aracnet.com, on Tue, Jan 21, 2003 at 12:55:13PM +0900:

>
>You may know this already, but rand() doesn't output random numbers, it
>just outputs a sequence of numbers which is *statistically* random.

Right, pseudo-random.  Isn't there a VonNeumann quote where he says 
something like "those who try to generate randomness using deterministic 
means are seriously deluded..."  (or some such)

>Netscapes famous SSL security hole was caused by them seeding their
>"random" number generator with time and process id, both of which are
>pretty easy to guess, since they have limited ranges, and this allowed
>their SSL connections to be broken.
>
>Probably your application doesn't need real randomness, you just want
>a nice statistical spread, so this won't affect you.

There are no security implications to what I'm doing...  

Now if you want _real_ random numbers you can get them from 
http://random.org

Hal Fulton has an example in "The Ruby Way" that shows how to fetch random 
numbers from that site.

Phil
-- 
"Or perhaps the truth is less interesting than the facts?" 
Amy Weiss (accusing theregister.co.uk of engaging in 'tabloid journalism')
Senior VP, Communications
Recording Industry Association of America