Discussion on: Explain the challenge of generating random numbers like I'm five

rsa profile image
Ranieri Althoff

I didn't see the other answers diving into the second question, so here we go:

Pseudorandom numbers are good enough for the common usage, mostly statistics and sampling (e.g. Monte Carlo methods), as there's not really an issue if an attacker is able to reverse the stream of random data and "derandomize". It is not good enough for sensitive purposes (such as cryptography) because of that.

In computer security, we always assume an attacker has more resources and motivation than us, for these special purposes you either need to have a truly random source of data (several examples were given) or a cryptographically secure pseudorandom number generator.