### 3.10 Random Numbers

A deterministic computer program cannot generate true random numbers. For most purposes, pseudo-random numbers suffice. A series of pseudo-random numbers is generated in a deterministic fashion. The numbers are not truly random, but they have certain properties that mimic a random series. For example, all possible values occur equally often in a pseudo-random series.

Pseudo-random numbers are generated from a seed value. Starting from any given seed, the random function always generates the same sequence of numbers. By default, Emacs initializes the random seed at startup, in such a way that the sequence of values of random (with overwhelming likelihood) differs in each Emacs run. The random seed is typically initialized from system entropy; however, on obsolescent platforms lacking entropy pools, the seed is taken from less-random volatile data such as the current time.

Sometimes you want the random number sequence to be repeatable. For example, when debugging a program whose behavior depends on the random number sequence, it is helpful to get the same behavior in each program run. To make the sequence repeat, execute (random ""). This sets the seed to a constant value for your particular Emacs executable (though it may differ for other Emacs builds). You can use other strings to choose various seed values.

Function: random &optional limit

This function returns a pseudo-random integer. Repeated calls return a series of pseudo-random integers.

If limit is a positive integer, the value is chosen to be nonnegative and less than limit. Otherwise, the value might be any fixnum, i.e., any integer from most-negative-fixnum through most-positive-fixnum (see Integer Basics).

If limit is a string, it means to choose a new seed based on the string’s contents. This causes later calls to random to return a reproducible sequence of results.

If limit is t, it means to choose a new seed as if Emacs were restarting. This causes later calls to random to return an unpredictable sequence of results.

If you need a random nonce for cryptographic purposes, using random is typically not the best approach, for several reasons:

• Although you can use (random t) to consult system entropy, doing so can adversely affect other parts of your program that benefit from reproducible results.
• The system-dependent pseudo-random number generator (PRNG) used by random is not necessarily suitable for cryptography.
• A call to (random t) does not give direct access to system entropy; the entropy is passed through the system-dependent PRNG, thus possibly biasing the results.
• On typical platforms the random seed contains only 32 bits, which is typically narrower than an Emacs fixnum, and is not nearly enough for cryptographic purposes.
• A (random t) call leaves information about the nonce scattered about Emacs’s internal state, increasing the size of the internal attack surface.
• On obsolescent platforms lacking entropy pools, (random t) is seeded from a cryptographically weak source.