Technically speaking "chances" are not real, your aren't actually "following the wind" in random number generation. So, basically, a 100 is predetermined. What's stopping folks from running a simulation on Unix Epoch to get a 100%?
Why this isn't done? Take game lootboxes, why isn't anyone running a simulation and opening the box at xx:xx?
It's not news. Yes, it can be exploited obviously. Most of the time, it's not worth exploiting. Just because you know a fault in a system, doesn't mean you can easily exploit it to your advantage.
Justin Smith
Try it, then explain to the Jow Forums class what you learned :D
Owen Anderson
>explain to the Jow Forums class what you So by this, this means basically intel has "every CPU different" or else how do you make a source for this particular "random"? Yeah, i know, i just don't like lootboxes and tought, uuuuuuuhm Not everyone has a collar attached to their cat
Adam Clark
Loot boxes or anything else random in an online game is going to do the RNG server side anyway if the devs have a brain larger than a walnut
Angel Roberts
true random numbers can be generated from feedback noise of two transistors, which can depend on quantum fluctuations if properly insulated.
Nolan Murphy
bazinga
Kayden Jones
>rdseed WOW THIS BLEW MY MIND, Intel uses THERMAL Temperature to generate a stream. WOW Yes, exactly, that's why you just need to take the "server time"
Chase Gray
Rdrand is seeded from a hardware csprng that generates more entropy than rand() or mersenne twister algorithms. They are different because there is a piece of hardware the reseeds rdrand after so many bits of data are read from it.
Justin Robinson
Meant for From
James Scott
>Yes, exactly, that's why you just need to take the "server time" Subsequent calls to rand() change the result. Good luck figuring out how many times the game server called rand() and when the last time the sever was seeded. Let alone the fact that there can be multiple servers with different seeds and startup times balancing the server load. You will find this task impossible without additional knowledge.
Chase Bailey
>Yes, exactly, that's why you just need to take the "server time" And you do that by......
Common user think.
Evan Brooks
Is this provided in major compilers like MSVC or GCC?? How to use it?
R-right, i did not figure it out, but still, it's actually simple if you are dedicated, and take some tries collecting data
That's about gist of it, I'm phone posting so it might be fucked, just look up compiler intrinsics rdrand
Jason Ross
Thanks, is this inside a header file?
Leo Nguyen
Thanks, i started understanding now... i did not know those type of function existed in a compiler
Parker Ortiz
>__builtin_ia32_rdrand32_step(&rnd_int32); Knowing the step solves a tiny tiny bit of the problem. The real problem is you have no idea how rand is used and what the current step will be when trying to exploit a remote server.
Also, that callback, that's runtime specific isn't it? I'm pretty sure rand() (and its implementation) are extremely lax in requirements so there is no guarantee the target server will have an implementation that is even remotely similar.
Just looked it up. Its a built-in function for GCC. Means nothing unless you know that the target is using the exact same rand implementation. Which is something you cannot assume and I don't think you could easily find out.
Camden Smith
Good luck guessing the seed and the number of times rand has been called when your request arrives.
Michael Bennett
If it worked like that people would be doing it already.