WoW:API random: Difference between revisions

From AddOn Studio
Jump to navigation Jump to search
(demoted headings)
m (Move page script moved page API random to API random without leaving a redirect)
 
(5 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{:Lua/Libshortcut|random|math.random}}
{{wowlua}}
== math.random and math.randomseed ==
val = math.random([l [, u]]);
 
val = random([l [, u]]);
=== Usage ===
math.randomseed(s);
val = math.random([l, u]);


=== Description ===
=== Description ===
The functions math.random and math.randomseed are interfaces to the simple random generator functions rand and srand that are provided by ANSI C.  
The functions math.random and math.randomseed are interfaces to the simple random generator functions rand and srand that are provided by ANSI C.


When called without arguments, math.random returns a pseudo-random real number in the range [0,1).  
When called without arguments, math.random returns a pseudo-random real number in the range [0,1).


When called with a number n, math.random returns a pseudo-random integer in the range [1,n].
When called with a number n, math.random returns a pseudo-random integer in the range [1,n].
Line 18: Line 15:


=== On random number generator distribution and security ===
=== On random number generator distribution and security ===
The ANSI C rand() function is a Linear Congruential Pseudo-Random Number Generator (LPCRNG). Statistically speaking, LCPRNGs have a fair distribution. However, from a security standpoint they are very weak.  
The ANSI C rand() function is a Linear Congruential Pseudo-Random Number Generator (LPCRNG). Statistically speaking, LCPRNGs have a fair distribution. However, from a security standpoint they are very weak.


If you depend on random numbers to keep something secret or someone out of something, they only need to see a handful of numbers to be able to guess the next one accurately. In fact, if you output large enough numbers, they only need to see a single number to determine the next one. This is the standard LCPRNG used by Microsoft (written in C):
If you depend on random numbers to keep something secret or someone out of something, they only need to see a handful of numbers to be able to guess the next one accurately. In fact, if you output large enough numbers, they only need to see a single number to determine the next one. This is the standard LCPRNG used by Microsoft (written in C):
Line 24: Line 21:
   rng = rng * 214013 + 2531011
   rng = rng * 214013 + 2531011
   return (rng>>16)&0x7fff;
   return (rng>>16)&0x7fff;
<b>So, how do I get numbers that are harder to guess?</b>
The easiest way is to reseed the generator as often as possible with ever-changing data that third parties cannot see.
If you are not generating dozens of numbers at once, hooking an event that occurs fairly often (OnUpdate, CHAT_MSG_* events, etc) and doing something like the following to introduce entropy to your generator should work:
  math.randomseed(math.random(0,2147483647)+(GetTime()*1000));


=== Example ===
=== Example ===
Line 47: Line 36:


=== Notes ===
=== Notes ===
math.randomseed takes any kind of positive number, between 0 and 2^31-1.


The range [0,1) of math.random is exclusive, meaning that you can '''never''' get 1.0 exactly. Note that the returned number is not an integer, except the special (very rare) case of 0.
The range [0,1) of math.random is exclusive, meaning that you can '''never''' get 1.0 exactly. Note that the returned number is not an integer, except the special (very rare) case of 0.
Line 53: Line 41:
The other ranges of the functions are inclusive, and will always return integers.
The other ranges of the functions are inclusive, and will always return integers.


{{LUA}}
It should be noted that the reason math.random does not allow 1.0 to be returned has to do with code they implemented to avoid issues on SunOS systems. However, they "correct" this issue by using modulus division. This has a side-effect for all non-SunOS systems making 0.0 twice as likely to occur than any other randomly generated number. In other words, when it would normally roll a 1.0, Lua changes that to 0.0 - so both 0.0 and 1.0 return as 0.0.
 
It has been suggested that the game client might seed the RNG when it is started
 
Source: http://forums.worldofwarcraft.com/thread.html?topicId=15443405133&sid=1&pageNo=10

Latest revision as of 04:47, 15 August 2023

WoW Lua

val = math.random([l [, u]]);
val = random([l [, u]]);

Description[edit]

The functions math.random and math.randomseed are interfaces to the simple random generator functions rand and srand that are provided by ANSI C.

When called without arguments, math.random returns a pseudo-random real number in the range [0,1).

When called with a number n, math.random returns a pseudo-random integer in the range [1,n].

When called with two arguments, l and u, math.random returns a pseudo-random integer in the range [l,u].

The math.randomseed function sets a "seed" for the pseudo-random generator: Equal seeds produce equal sequences of numbers.

On random number generator distribution and security[edit]

The ANSI C rand() function is a Linear Congruential Pseudo-Random Number Generator (LPCRNG). Statistically speaking, LCPRNGs have a fair distribution. However, from a security standpoint they are very weak.

If you depend on random numbers to keep something secret or someone out of something, they only need to see a handful of numbers to be able to guess the next one accurately. In fact, if you output large enough numbers, they only need to see a single number to determine the next one. This is the standard LCPRNG used by Microsoft (written in C):

 rng = rng * 214013 + 2531011
 return (rng>>16)&0x7fff;

Example[edit]

> local x = math.random();
> = x
0.34534 [0 - 1]
> local x = math.random(100);
> = x
53 [1 - 100]
> local x = math.random(50, 52);
> = x
51 [50 - 52]

Notes[edit]

The range [0,1) of math.random is exclusive, meaning that you can never get 1.0 exactly. Note that the returned number is not an integer, except the special (very rare) case of 0.

The other ranges of the functions are inclusive, and will always return integers.

It should be noted that the reason math.random does not allow 1.0 to be returned has to do with code they implemented to avoid issues on SunOS systems. However, they "correct" this issue by using modulus division. This has a side-effect for all non-SunOS systems making 0.0 twice as likely to occur than any other randomly generated number. In other words, when it would normally roll a 1.0, Lua changes that to 0.0 - so both 0.0 and 1.0 return as 0.0.

It has been suggested that the game client might seed the RNG when it is started

Source: http://forums.worldofwarcraft.com/thread.html?topicId=15443405133&sid=1&pageNo=10