RNG Mac OS

  • AMD Secure RNG Library. The AMD Secure Random Number Generator (RNG) is a library that provides APIs to access the cryptographically secure random numbers generated by AMD’s hardware-based random number generator implementation. These are high quality robust random numbers designed to be suitable for cryptographic applications.
  • Its function is similar to random password generators, but the generation method is very different. This program generates passwords based on opening moves in a go game. The method is simple: the Custom Seed at the bottom is used to seed a random number generator (RNG). The RNG assigns a value to every intersection on the board. After moves are.
  • This manipulation involves using the random battle feature of each game to find the current seed and hitting the right frame when confirming the trainer name to get the desired starters RNG. This program allows this manipulation technique to work as it assists the runner into all these steps with user-friendliness being a priority.
  • Introduction and General Preparations

The first hurdle of RNG manipulation on Mac is software. Most guides you’ll find are for Windows and are therefore based on using RNG Reporter and Eon Timer; however, I haven’t been able to get the former working on Mac despite trying many methods and avenues.

Credits

This guide would not have been possible without Smogon's own loadingNOW and X-Act, who discovered the internal workings of the Pokémon random number generators. Of course, other members of Smogon have contributed to making this guide possible. Theorymon and Jibaku also deserve recognition; the former for finding the Japanese information, and the latter for bringing it to Smogon's attention. From here, many users did research and refined the community's understanding of Emerald's RNG, including Wichu, who released an English program to the masses. Of course, it is worth noting that Everstone noticed some trends in Emerald's RNG, and gathered a group of users to research Emerald's breeding nuances.

Finally, there are a couple of Smogon users who had a more direct influence on this guide. Registered User Negator assembled lists for Method 1 and Wild Pokémon spreads. Community Member X-Act also helped clarify some specifics concerning rare breeding occurrences. Finally, mingot assembled all the breeding spreads, in addition to generating the .csv files found in each section. mingot has also graciously written the RNG Reporter instructions found later in this section, having originally authored the program himself. Without the help of all these users, you would not be reading this guide today.

Introduction

Ironically, it is currently impossible to create a software random number generator that generates random numbers. The best these types of random number generators (or RNGs for short) can hope for is to output numbers that appear to lack any sort of pattern. In the world of Pokémon, these numbers are used to determine the outcome of any action that should be inherently 'random', from which way a non-player character should turn, to whether or not a Pokémon is frozen, to the IVs and natures of wild Pokémon. All Pokémon games from Ruby and Sapphire onwards use a certain formula to generate these pseudo-random numbers.

Each time a game boots up, or is soft reset, a number known as a 'seed' is plugged into this formula, in a process fittingly known as 'seeding'. The seed gets its name because all of the other pseudo-random numbers 'grow' out from this seed. Since true random numbers cannot be generated, any given seed will always output the same numbers in the same order. Therein lies the foundation of Emerald's RNG.

Instead of choosing a different seed each time the game boots up (and by extension, a different sequence of pseudo-random numbers), Emerald always sets its seed as 0. This means that every time the game starts, the same numbers are always output in the same order. In an attempt to hide this, Emerald asks its RNG to spit out numbers at a considerable pace; approximately 60 times per second. Each of these instances is known as a 'frame'.

A frame is an instant that holds all the 'random' numbers given by the RNG. These numbers are then used to decide whatever they are asked to; if you are near an NPC, the frame dictates which way they turn. If a Pokémon is frozen, the frame decides whether or not it will thaw. If a wild Pokémon is encountered, the frame decides what its nature is, and how its IVs are distributed.

Since all the numbers are generated in the same sequence, frames will always occur at the same time, each time you reset the game. That means if you take a certain action at the same time after the game loads, the outcome will always be the same. Think of this like pausing a movie; the action that is shown on the screen is the same each time you pause in a specific place. However, since the movie’s frames move very quickly (it is a motion picture after all), it is difficult to always pause in the same place.

Unlike a movie, you cannot alter the pace of Emerald's RNG by choosing to rewind or fast-forward, but the basic analogy holds. By taking an action to create a wild Pokémon on a certain frame, you will always get the IV spread of that frame. By extension, the spreads of Eggs and legendary Pokémon can also be manipulated by calling upon the RNG to set them on a certain frame. It is difficult to stop on a specific frame, as they are passing by at a rate of approximately 60 per second, but if you do, you will always get the results associated with that frame.

We can convert the frame into a time by dividing it by 60. By aiming to create a Pokémon at the time a frame with a desirable spread occurs, you can obtain almost any Pokémon you want. It is a simple matter of waiting for a frame to occur, then giving an input to create a spread. This is how you can eventually manipulate Emerald's RNG to create your dream Pokémon.

The one downside to Emerald's RNG is that you may have to wait a while for a frame with a good spread to roll around. In fact, a flawless spread on a wild or legendary Pokémon can take weeks to occur, thus it is all but impossible to obtain. Nonetheless, very good spreads can be found within the first hour and a half of the game's time, after hundreds of thousands of frames have advanced. In the case of Pokémon hatched from Eggs, it is possible to hatch a completely flawless Pokémon with less than an hour's wait.

How do you obtain a flawless Pokémon? It depends on how the Pokémon is created; the same frame yields different spreads depending on how a Pokémon is generated by the game. There are three categories of Pokémon: bred Pokémon, method 1 Pokémon, and wild Pokémon. Bred Pokémon are self-explanatory; these are the Pokémon you hatch from Eggs 'mysteriously' found at the Day Care. Method 1 Pokémon mostly occur in set locations, such as the invisible Kecleon, or Rayquaza. Wild Pokémon are the critters that lurk in the tall grass, and other such places. Each category of Pokémon has a different way of manipulating the RNG to give you the spread you want, but they all have things in common. Read on to learn the basics of RNG manipulation, then check out each respective section to learn the specifics on manipulating different Pokémon to get the spreads you want.

Physical Preparations

A list of items outside the game you will need to manipulate the RNG is as follows:

  • A Pokémon Emerald Game Pak
  • A Game Boy or Nintendo DS system capable of playing GBA games
  • A stopwatch or timer with at least a milliseconds display
  • An IV calculator
  • A program to view .csv files OR
  • The RNG Reporter program

Your Game Boy or Nintendo DS system should preferably be a model with a rechargeable battery; in other words, every system that was released after the original Game Boy Advance. This allows you to plug in your system, alleviating the potential for the battery to run out while waiting for a high frame to occur. You probably have a stopwatch or timer that meets the criteria already, even if you do not know it! iPods, cell phones, and a myriad of electronic devices contain stopwatches or timers, so check any devices you have, and see how many digits they display (the more, the better). You can also find free online stopwatches and timers if you reset near your computer. Of course, traditional stopwatches are easy to find as well; a functional one can likely be bought at a relatively low price from your local sporting equipment store. Finally, for an IV calculator, Metalkid's IV Calculator is generally recognized as the most reliable; determining IVs is essential to figuring out what spread a Pokémon has, and, by extension, what frame was hit.

In order to see lists of frames, you will need to have a program on your computer that will open the spreadsheets contained in the .csv files. Programs that will open .csv files in neat, spreadsheet form include Microsoft Excel, and Numbers, for Windows and Mac OS X computers respectively. If you do not have access to either of these programs, a .csv file can be opened in a text editor such as Notepad or TextEdit. However, this will have less of a 'clean' output, as the spreads will not be organized in a spreadsheet; this also limits how effectively you can sort through spreads. Another very useful program that will aid you in your quest is RNG Reporter, created by Smogon's own mingot. While a list of good spreads is contained in every section of this guide, RNG Reporter allows you to search for your own spreads, including any that may be shiny. RNG Reporter is capable of running on Windows and Linux, with mono fixes for Mac users coming at some point in the future.

Understanding Spread Selection

Included in this guide are a number of .csv files, containing full lists of spreads up to 100,000 frames. The .csv files relevant to the different methods can be found in their respective sections. However, the information in the spreadsheets is not limited to frames and IVs; it can tell you all about the Pokémon you wish to capture, including their abilities and genders! The output for method 1 and 2 is displayed as follows:

Frame, Time, Nature, Ability, HP, Atk, Def, SpA, SpD, Spe, Hidden Power, Hidden Power Power, 50% Female, 12.5% Female, 25% Female, and 75% Female

Frame and Time list the frame that the spread occurs at, and the approximate time when that Frame occurs. Nature is similarly self-explanatory, listing the nature that the Pokémon on that frame will have. Ability does not make sense at first glance; it is either a 0 or a 1. For Pokémon with multiple abilities (for example, Geodude can have Rock Head or Sturdy), this number dictates which ability that Pokémon will have. For a list of which abilities correspond to which numbers, see the ability section of X-Act's article concerning PID Creation. Note that some Pokémon with only one ability in the third generation gain a second ability in the fourth generation; for example, Shroomish can only have Effect Spore in Emerald, whereas in Diamond and Pearl onwards, it can have Effect Spore or Poison Heal. A Pokémon's ability is checked when it evolves, meaning if you want your Pokémon to change abilities, you must evolve it in a fourth generation game. It is important to note that the new ability (if applicable) will correspond to ability 1; if the Pokémon has an ability of 0, it will simply keep its old ability upon evolution. Note that there is no way to know if a bred Pokémon's ability will change without actually evolving it in the fourth generation.

The following six categories: HP, Atk, Def, SpA, SpD, and Spe, are rather self-explanatory, stating what IV the Pokémon has in its respective stats. Hidden Power states which type the move Hidden Power will have when used by this Pokémon; this can be any of the seventeen types except for Normal. Hidden Power Power is the Base Power of the move Hidden Power. As you may have guessed, Hidden Power is a unique move; it is determined by the Pokémon's IVs. For more information on these mechanics, see the page on Hidden Power. When catching a Pokémon, it is important to consider whether you will keep it in your third generation games, or transfer it into the fourth generation via the Pal Park. In the third generation, Hidden Power is either physical or special depending on which type it happens to be; in the fourth generation, Hidden Power has become special, meaning that Pokémon with high Special Attack stats will benefit from it.

The final categories: 50% Female, 12.5% Female, 25% Female, and 75% Female, will determine what gender a Pokémon will have based on its gender ratio. All Pokémon are assigned a gender ratio within the game's code; with the exception of Pokémon with indeterminate gender, such as Metagross, or with pre-set genders, such as Latias, a value known as the PID (or Pokémon Identification Number) will determine their genders based upon the gender ratio. For a more technical explanation of the PID, see X-Act's ever-helpful article on PID Creation. The most important thing to know about gender ratios is that the gender of the Pokémon on any given frame corresponds to the letter (M for male, and F for Female) listed under the appropriate gender ratio. For example, Mudkip will be found as a Female 12.5% of the time. If you wish to obtain a Mudkip on frame 2298, look under the 12.5% Female column, and you will see the letter 'M', meaning that Mudkip will be a male. However, if you obtain a Skitty on the same frame, you would look under the 75% Female column to find that your Skitty would be a female. So while the gender will always be the same for each gender ratio on any given frame, Pokémon with different gender ratios may have different genders, despite being caught on the same frame.

There are some minor differences in the spreadsheets for bred Pokémon; they are addressed in the RNG Manipulation of Bred Pokémon section.

Shiny Pokémon

An attractive option afforded by resetting for method 1 or wild Pokémon is the ability to obtain alternate-coloured, or 'shiny' Pokémon with relative ease—a simple matter of resetting for a Pokémon on the desired frame, which is predetermined to generate a shiny Pokémon. The only catch is that you need to calculate a hidden value known as your 'Secret ID'; this value can only be calculated if you have already caught a shiny Pokémon. For more information, see the article on SID Deduction.

Once your Secret ID has been determined, you must generate a list of shiny spreads using RNG Reporter (see the following section). Bear in mind that the spreads will vary depending on the method that generates them; a great method 1 spread is exclusive to Pokémon generated via method 1, and so on. On the subject of exclusivity, shiny spreads are tied to the combination of your Trainer ID and Secret ID. In other words, if your friend discovers a great shiny spread on his or her game, it will not be shiny on yours, save the immensely unlikely scenario that both your IDs and SIDs are identical.

RNG Reporter

Although the goal of this article has been to remove the need to use any external software (by providing comprehensive frame lists in the form of .csv files), it may be useful to familiarize yourself with the tool that was used to create them. Additionally, RNG Reporter has some advantages over the spreadsheets and is necessary if you wish to capture shiny Pokémon. Efficient filtering and the ability to search frames higher than the 100,000 that are included in the spreadsheet are also useful features.

Before starting you must download and install RNG Reporter. Please pay particular attention to the prerequisites and the installation directions.

RNG Reporter, at its heart, is a tool to predict the nature and IVs when a Pokémon is created on a particular frame. By default, RNG Reporter will show the output of the first 100,000 frames, starting from the first, but is flexible enough to allow you to start at some later point in time. Up to 999,999 frames may be shown at one time. To get the most out of the tool, there are quite a few settings and filters that can be tweaked; they are outlined below.

Method
The method, which was briefly described above, is used to govern how output from the random number generator is used to create an IV spread. When attempting to capture method 1 Pokémon, select 'Method 1'. When attempting to capture wild Pokémon, select 'Method 2'. For breeding, you should select 'Breeding (Emerald Splits)'. The other options listed on this dropdown are generally used for other games, and may safely be ignored.
HP, Atk, Def, SpA, SpD, and Spe
These items allow you to filter by a Pokémon's IVs. There are two elements to each IV. The comparison type, which is a dropdown list, and the comparison value which will either be left blank or contain a value between 0 and 31.
None
When this option is selected, no comparison or filtering will take place on the corresponding IV. Leaving all IVs' comparison types set to null will allow you to get an unadulterated listing of spreads.
When this option is selected, the IV of the frame must match the corresponding IV entered into the textbox adjacent to the dropdown.
>=
When this option is selected, the IV of the frame must be greater than or equal to the corresponding IV entered into the textbox adjacent to the dropdown.
<=
When this option is selected, the IV of the frame must be less than or equal to the corresponding IV entered into the textbox adjacent to the dropdown.
!=
When this option is selected, the IV of the frame must not match the corresponding IV entered into the textbox adjacent to the dropdown.
E
When this option is selected, the IV of the frame must be even. The content of the textbox adjacent to the dropdown is ignored.
O
When this option is selected, the IV of the frame must be odd. The content of the textbox adjacent to the dropdown is ignored.
HP
When this option is selected, the IV of the frame must be what is considered a perfect Hidden Power number. These numbers are 2, 3, 6, 7, 10, 11, 14, 15, 18, 19, 22, 23, 26, 27, 30, and 31. The content of the textbox adjacent to the dropdown is ignored.
HP_E
When this option is selected, the IV of the frame must be what is considered a perfect even Hidden Power number. These numbers are 2, 6, 10, 14, 18, 22, 26, and 30, and 31. The content of the textbox adjacent to the dropdown is ignored.
HP_O
When this option is selected, the IV of the frame must be what is considered a perfect Hidden Power number. These numbers are 3, 7, 11, 15, 19, 23, 27, and 31. The content of the textbox adjacent to the dropdown is ignored.
Nature
When selected, this will cause RNG Reporter to filter on the nature of the Pokémon, showing only those which match.
Ability
When selected, this will cause RNG Reporter to filter on the ability of the Pokémon, showing only those which match. Please refer to the abilities section of The Process of PID and IV Creation of Non-Bred Pokémon.
ID and SID
When both of these items are filled in with your trainer ID and secret ID, RNG Reporter will be able to mark particular frames as being shiny, or 'find your shiny frames'. As these frames will be different for each combination of ID and SID, it is important that they are entered correctly. Frames which hold shiny Pokémon will be denoted by the presence of the text '!!!' under a similarly named heading in the output. Once identified, these shiny frames are targeted exactly like any other.
Shiny Only
When this option is checked, RNG Reporter will filter out all Pokémon that are not shiny, leaving you only with those that are. This requires that your trainer ID and secret ID were correctly entered.

Once all of the desired options and filters are selected, clicking the 'Generate' button will produce the listing of frames. Once generated, this list can be browsed on screen or output to .csv by right clicking anywhere in the listing and selecting 'Output Results to .csv' from the menu. There are a number of other useful features squirreled away in this menu which deserve mention.

Set as Target Frame
This option allows you to tag your target frame and to easily return to it after scrolling around through the output. The current target frame can be determined by checking the 'Target Frame' label at the bottom right hand corner of the RNG Reporter window.
Jump to Target Frame
This option will select, and show if it is not currently visible, the frame which you have previously marked as the target.
Center to +/- x Seconds and Set as Target Frame
This option is used to trim the frame output, centering on the selected frame and limiting the output to a certain number of seconds before and after. For example, if your target frame is 1,000 and you select this option (with one second), then frame 1,000 will be set as the target and the complete listing of frames will only include those between 940 and 1060. Each second is considered to be 60 frames.
Remove Centering
Using this option will remove any of the frame trimming that is caused by the center function which was explained above.

In-Game Preparations

In addition to the physical items you need, there are a couple of in-game requirements for the most streamlined RNG manipulating experience. First of all, you should have access to the Battle Frontier. The Battle Frontier is home to the 'IV man', who can tell you about your Pokémon's total and highest IVs. He mainly comes in handy for breeding, where there are most likely to be flawless IVs flying around. More importantly, the Battle Frontier is home to the Battle Tower, which allows you to exploit Emerald's famous cloning glitch. Using Emerald's cloning glitch, you will be able to obtain as many Rare Candies as you need; at least 10 are good to have at any given time, though you may need slightly more or less depending on the Pokémon.

One Pokémon that will come in handy both for method 1 and wild Pokémon is a 'catcher'. This Pokémon will weaken and inflict status on the Pokémon you are battling, in order to make it easier to capture. The best Pokémon for this job is a high-level Smeargle; Smeargle is found in the Battle Frontier's Artisan Cave. Smeargle can Sketch False Swipe, a move that will leave the target with at least 1 HP, from either Sceptile or Nincada. It can also Sketch Spore, the only 100% accurate sleep move, from Shroomish, making it easy to get a catcher Smeargle in Hoenn. As far as wild Pokémon are concerned, you can opt to inflict paralysis instead; wild Pokémon have higher catch rates than the legendaries, so you can teach Smeargle the more common Thunder Wave if you do not wish to obtain a level 54 Shroomish.

Emerald Battle Videos

At first glance, battle videos don't appear to have any useful purpose, other than for entertainment. However, a video can be used to save and restore a specific PRNG value. Using a battle video allows cart players to reach frames that were once thought to be out of reach, as one can advance to a very high frame and save a value within quick reach of the target frame.

How it works

When you enter a battle in the Battle Frontier, as soon as the screen fades to black, that PRNG value is stored. To save the video, you must win or lose the battle—quitting doesn't allow you to save. When you view the battle video, the PRNG doesn't advance at all (not even the normal advance every frame). The value remains unchanged until the first turn begins to play out.

To find out the PRNG value stored in the video, simply use EonTimer set at a low frame like 1000, start the timer at the same time you press B to exit the video, and encounter a Pokemon when the timer runs out. A stationary Pokemon would be ideal, as it's easier to find out what frame you hit. Determine the frame you landed on, subtract that value from your target frame, and add that to the value in EonTimer.

Tips/misc. info on using Battle Videos

The RNG advances twice as fast when you're in a battle (except in the Battle Frontier, where the RNG doesn't advance at all except for battle calculations). Combine this with battle videos to advance to high frames even faster.

By using multiple battle videos, you don't have to leave the game on for one continuous period of time. Save after saving a battle video, and then load it to continue to advance the RNG another time. It would be a good idea to test the PRNG value stored for each video made to keep track of the current frame.

The only Pokemon that can't be RNG abused using battle videos are the starters, Castform, and the roaming Latias or Latios. Because the game resets after beating the Pokemon League, players can't take advantage of a different starting seed from starting a new game.

Battle videos can be saved in any facility, except for the Battle Pike and Battle Pyramid.


RandomNumberGenerator
Documentation
#include <cryptopp/cryptlib.h>

Random numbers are a primitive for cryptographic operations. They are used frequently, from generating asymmetric and symmetric keys, to initialization vectors, salts and nonces. The library abstracts them with the RandomNumberGenerator base class and its derivatives. Some of the generators are cryptographically secure, while others are not.

RandomNumberGenerator is intended to set up the interface, and you should not instantiate one. Trying to generate random numbers with RandomNumberGenerator will result in infinite stack recursion. It is OK to use a RandomNumberGenerator pointer or reference since polymorphism will ensure the derived object's implementation is used.

In general, use an auto-seeded generator like AutoSeededRandomPool. AutoSeeded* generators automatically seed the generator using the underlying OS's entropy pools. Entropy is retrieved using Crypto++'s OS_GenerateRandomBlock. On Linux, OS_GenerateRandomBlock uses /dev/random (blocking=true) or /dev/urandom (blocking=false); on Windows, it uses CryptGenRandom, and on the BSDs, it uses /dev/srandom (blocking=true) or /dev/urandom (blocking=false).

In addition to automatic seeds, you should seed the generator with any entropy you can get your hands on, even less than perfect sources. Entropy can include anything specific to the use, including any entropy a peer offers like a nonce used during key exchange. Using the peer's entropy before extracting your random bits will help mitigate some classes of attacks, like Virtual Machine playback attacks.

If you are using a generator in a multithreaded program, then use a single generator per thread or provide an external lock for a single generator. Wei Dai recommends using a generator on a per thread basis. Additionally, see WORKAROUND_MS_BUG_Q258000.

You should reseed the generator after a fork() to avoid multiple generators with the same internal state.

DefaultAutoSeededRNG

The library provides a typedef for DefaultAutoSeededRNG. In the non-FIPS DLL builds DefaultAutoSeededRNG is AutoSeededRandomPool. In the former FIPS DLL builds the library used AutoSeededX917RNG as the typedef. Both generators use OS_GenerateRandomBlock to gather seed material, so neither generator suffered the DUHK attacks.

OS Entropy

You can use OS_GenerateRandomBlock to gather entropy using whatever the underlying operating system provides. OS_GenerateRandomBlock is a global function, and not tied to any class.

On Linux, OS_GenerateRandomBlock uses /dev/random (blocking=true) or /dev/urandom (blocking=false); on Windows, it uses CryptGenRandom; and on the BSDs, it uses /dev/srandom (blocking=true) or /dev/urandom (blocking=false).

According to Theodore Ts'o on the Linux Kernel Crypto mailing list, Linux's /dev/random has been deprecated for a decade. From RFC PATCH v12 3/4: Linux Random Number Generator:

Practically no one uses /dev/random. It's essentially a deprecated interface; the primary interfaces that have been recommended for well over a decade is /dev/urandom, and now, getrandom(2).

OS_GenerateRandomBlock

OS_GenerateRandomBlock
Documentation
#include <cryptopp/osrng.h>

OS_GenerateRandomBlock is used to gather entropy using the OS and its signature is shown below:

Once you gather entropy with OS_GenerateRandomBlock, you can use it directly or use it to seed a generator. Below, the entropy is used directly for a key and initialization vector. The key draws from /dev/random, while the iv draws from /dev/urandom on Linux.

The program will produce an output similar to below.

Seeding

Nearly all generators should be seeded before use. To test if a generator can incorporate a seed, call CanIncorporateEntropy. CanIncorporateEntropy will return true if the generator can incorporate a seed. Some generators, like Intel's deterministic random-bit generator (accessed via RDRAND) cannot accept entropy.

To seed or reseed a generator that accepts a seed, call IncorporateEntropy to add the entropy to the generator.

If you are using an AutoSeeded* generator, then the library will attempt to seed the generator for you using the underlying OS's entropy pool by way of OS_GenerateRandomBlock. You can still seed an auto-seeded generator and add more entropy if you have it.

You should reseed the generator after a fork() to avoid multiple generators with the same internal state.
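The fork() advice given here and in the overview above, shown as an added example (not code from Crypto++ or from this page). `ForkAwareRng` and `ParentAndChildCollide` are hypothetical names, `std::mt19937_64` only stands in for a user-space generator's internal state, and the PID check is one assumed way to trigger the reseed; it needs a POSIX system with /dev/urandom.

```cpp
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#include <cstdint>
#include <fstream>
#include <iostream>
#include <random>
#include <stdexcept>

// Hypothetical user-space generator. std::mt19937_64 is NOT cryptographic;
// it is used here only as a piece of state that fork() will duplicate.
class ForkAwareRng {
public:
    explicit ForkAwareRng(bool reseedOnFork)
        : reseedOnFork_(reseedOnFork), owner_(getpid()) {
        Reseed();
    }

    uint64_t Next() {
        // After fork() the child holds a byte-for-byte copy of the state.
        // A changed PID means we are in a new process and must reseed.
        if (reseedOnFork_ && getpid() != owner_) {
            owner_ = getpid();
            Reseed();
        }
        return state_();
    }

private:
    void Reseed() {
        std::ifstream urandom("/dev/urandom", std::ios::binary);
        uint64_t seed = 0;
        if (!urandom.read(reinterpret_cast<char*>(&seed), sizeof seed))
            throw std::runtime_error("cannot read /dev/urandom");
        state_.seed(seed);
    }

    bool reseedOnFork_;
    pid_t owner_;
    std::mt19937_64 state_;
};

// Forks once, lets the child send its next output through a pipe, and
// returns true when parent and child produced the same value.
bool ParentAndChildCollide(bool reseedOnFork) {
    ForkAwareRng rng(reseedOnFork);
    int fds[2];
    if (pipe(fds) != 0) throw std::runtime_error("pipe failed");

    pid_t pid = fork();
    if (pid < 0) throw std::runtime_error("fork failed");
    if (pid == 0) {  // child
        close(fds[0]);
        uint64_t value = rng.Next();
        ssize_t written = write(fds[1], &value, sizeof value);
        _exit(written == static_cast<ssize_t>(sizeof value) ? 0 : 1);
    }

    close(fds[1]);  // parent
    uint64_t childValue = 0;
    ssize_t got = read(fds[0], &childValue, sizeof childValue);
    close(fds[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    if (got != static_cast<ssize_t>(sizeof childValue))
        throw std::runtime_error("child did not report a value");

    return childValue == rng.Next();
}

int main() {
    std::cout << std::boolalpha
              << "no reseed after fork, outputs collide: "
              << ParentAndChildCollide(false) << "\n"
              << "reseed after fork, outputs collide:    "
              << ParentAndChildCollide(true) << "\n";
    return 0;
}
```

With a real generator the same collision means two processes issuing identical keys, IVs or nonces, which is why the reseed has to happen before the first draw in the child.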

IncorporateEntropy

To seed one of the Crypto++ random number generators, call the IncorporateEntropy function. It takes a pointer to a byte block and a length:

A sample using IncorporateEntropy is shown below.

The program will produce an output similar to below.

RandomNumberSink

RandomNumberSink
Documentation
#include <cryptopp/filters.h>

A RandomNumberSink allows you to add entropy to a generator. Internally, it calls IncorporateEntropy for you. Note: this is one of the times pumpAll = false is used for a Source.

Generation

This section details how to generate random numbers using the different generators. In general, you should seed a generator immediately before using it to generate bits. You should do so before each call, and not just once. Doing so helps avoid virtual machine playback attacks.


There are generally two ways to get a random number from a generator. The first is GenerateBlock, and the second is GenerateIntoBufferedTransformation. GenerateBlock takes a pointer to a buffer and a length. Internally, GenerateBlock wraps the buffer in an ArraySource and then calls GenerateIntoBufferedTransformation. GenerateIntoBufferedTransformation is where the real work is performed. When generating into the BufferedTransformation, the generator produces the stream and places it in the specified channel.

LC_RNG

LC_RNG
Documentation
#include <cryptopp/rng.h>

LC_RNG is a Linear Congruential Generator. Though this generator has no cryptographic value, it does allow one to reproduce results when debugging a program. Additionally, it is generally faster at generating a byte block (or stream). If one seeds the LCG with 0x00, a steady stream of 0x80 is the result. Other seeds perform as expected.

If you want to use the original constants as specified in S.K. Park and K.W. Miller's CACM paper, then you should #define LCRNG_ORIGINAL_NUMBERS before compiling the Crypto++ library. The define is available in config.h.
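Why a linear congruential generator has no cryptographic value, as an added example (not Crypto++'s LC_RNG code and not from this page): it implements the Park-Miller recurrence with the CACM paper's constants, checks it against the standard library's `std::minstd_rand0`, and shows that one observed output determines every earlier and later output. All function names are hypothetical, and the example works on full 31-bit outputs rather than reproducing LC_RNG's byte stream.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <random>
#include <vector>

// Park-Miller "minimal standard" recurrence: x' = 16807 * x mod (2^31 - 1).
constexpr uint64_t kMultiplier = 16807;
constexpr uint64_t kModulus = 2147483647;  // 2^31 - 1, a prime

// One step forward. The entire generator state is the value x itself.
// Note that 0 is a fixed point: a zero state never leaves zero.
uint32_t LcgNext(uint32_t x) {
    return static_cast<uint32_t>((kMultiplier * x) % kModulus);
}

// Modular exponentiation by squaring; every product fits in 64 bits.
uint32_t PowMod(uint64_t base, uint64_t exp) {
    uint64_t result = 1;
    base %= kModulus;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % kModulus;
        base = (base * base) % kModulus;
        exp >>= 1;
    }
    return static_cast<uint32_t>(result);
}

// One step backward: multiply by 16807^-1 mod m. Because m is prime,
// Fermat's little theorem gives the inverse as 16807^(m-2) mod m.
uint32_t LcgPrev(uint32_t x) {
    static const uint64_t inverse = PowMod(kMultiplier, kModulus - 2);
    return static_cast<uint32_t>((inverse * x) % kModulus);
}

// State after `steps` iterations from `seed`.
uint32_t AfterSteps(uint32_t seed, unsigned steps) {
    uint32_t x = seed;
    for (unsigned i = 0; i < steps; ++i) x = LcgNext(x);
    return x;
}

// Cross-check against std::minstd_rand0, which uses the same constants.
// The seed must be in 1..m-1 for the two to line up.
bool MatchesStdMinstdRand0(uint32_t seed, unsigned count) {
    std::minstd_rand0 reference(seed);
    uint32_t x = seed;
    for (unsigned i = 0; i < count; ++i) {
        x = LcgNext(x);
        if (x != reference()) return false;
    }
    return true;
}

// Generator side produces `count` outputs from a seed the observer never
// sees. Observer side is given only stream[observedIndex] and rebuilds the
// whole stream from it. Requires observedIndex < count.
bool ObserverReconstructsStream(uint32_t secretSeed, std::size_t count,
                                std::size_t observedIndex) {
    std::vector<uint32_t> stream(count);
    uint32_t x = secretSeed;
    for (auto& value : stream) {
        x = LcgNext(x);
        value = x;
    }

    std::vector<uint32_t> rebuilt(count);
    rebuilt[observedIndex] = stream[observedIndex];
    for (std::size_t i = observedIndex; i > 0; --i)
        rebuilt[i - 1] = LcgPrev(rebuilt[i]);
    for (std::size_t i = observedIndex + 1; i < count; ++i)
        rebuilt[i] = LcgNext(rebuilt[i - 1]);

    return rebuilt == stream;
}

int main() {
    std::cout << std::boolalpha
              << "10000th value from seed 1: " << AfterSteps(1, 10000) << "\n"
              << "matches std::minstd_rand0: "
              << MatchesStdMinstdRand0(12345u, 1000) << "\n"
              << "stream rebuilt from one output: "
              << ObserverReconstructsStream(0x1234567u, 16, 7) << "\n";
    return 0;
}
```

The reproducibility that makes this generator useful for debugging is the same property that rules it out for keys, IVs, salts and nonces.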

Current RandomPool

RandomPool
Documentation
#include <cryptopp/randpool.h>

RandomPool is a PGP style random pool. Crypto++ 5.5 and later versions of RandomPool use AES and are hardened against VM rollback attacks. Crypto++ 5.4 and earlier followed PGP 2.6.x and used MDC<SHA> via typedef MDC<SHA> RandomPoolCipher. From the current randpool.cpp:

RandomPool uses time, so each run of the generator will produce different results. But the difference between runs is weak (it only differs by the time of the call), so be sure to seed the generator with unpredictable data.

Using the generator is similar to the following:

Old RandomPool

If you need the old RandomPool generator which uses MDC<SHA> then you can find it at OldRandomPool. The OldRandomPool class was added at Crypto++ 6.0 to help provide an upgrade path. For Crypto++ 5.6.5 and earlier, you must apply the 6.0 change yourself. The check-ins of interest are Commit 02e3a794443a, Add OldRandomPool class (Issue 452) and Commit 5fbbc5311cea, Add self tests for OldRandomPool (Issue 452). The issue was tracked at Issue 452, Add OldRandomPool for pre-Crypto++ 5.5 compatibility.

There's now a wiki page about it at Old RandomPool.

AutoSeededRandomPool

AutoSeededRandomPool
Documentation
#include <cryptopp/osrng.h>

Unlike LC_RNG and RandomPool, AutoSeeded generators do not require a seed. An auto seeded random pool was suggested by Leonard Janke, which Wei later incorporated into Crypto++ with version [?].

AutoSeededX917RNG

AutoSeededX917RNG
Documentation
#include <cryptopp/osrng.h>

When using an X9.17 generator, you must specify an approved Block Cipher as a template parameter. If you use TripleDES (DES_EDE3), then it's an X9.17 generator. If you use AES (AES), then it's an X9.31 generator (the underlying algorithm did not change).

RDRAND

RDRAND
Documentation
#include <cryptopp/rdrand.h>

The library provides the RDRAND generator. The following demonstrates using the generator.

If you call GenerateBlock on a machine without the RDRAND circuit, then a RDRAND_Err exception will be thrown.

NIST DRBG

NIST_DRBG
Documentation
#include <cryptopp/drbg.h>

The library provides two of NIST's Deterministic Random Bit Generators (DRBGs): Hash_DRBG and HMAC_DRBG. They are discussed on the NIST DRBGs wiki page.

The generators have their own page because they are trickier to use due to randomness requirements during instantiation. In addition, they accept at least three other types of randomness distinct from the entropy required during instantiation.

RandomNumberSource

RandomNumberSource
Documentation
#include <cryptopp/filters.h>

A RandomNumberSource allows you to use a generator in a pipeline.

Creating a Generator

If you would like to create a generator, then derive a class from RandomNumberGenerator and provide the implementation. You must provide an override for GenerateBlock. The library's default implementation for GenerateIntoBufferedTransformation should be sufficient.

By default, the library returns false for CanIncorporateEntropy, so be sure to override it as required.

Example Generator

You can find an example of creating a generator at Mersenne Twister. The generator is somewhat tricky to implement because it is word oriented, and not byte oriented.

The Mersenne Twister provides overrides for GenerateBlock, GenerateWord32 and Discard. Because the generator is word oriented, there are two implications for an implementation. First, the result of GenerateWord32 must be consistent with the result of calling GenerateBlock with 1, 2, 3 and 4 byte arrays. For example, if GenerateWord32 returns 0xD091BB5C, then GenerateBlock must return 0xD0 0x91 0xBB 0x5C for 1, 2, 3 and 4 byte arrays. Second, Discard rounds up to a multiple of a word size, and then discards the required number of words (and not bytes).
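The two word-orientation rules above, shown as an added stand-alone sketch rather than the Mersenne Twister patch the page links to. It assumes std::mt19937 as the word source (its first output with the default seed is 0xD091BB5C), serializes each word most significant byte first to match the page's example, and does not derive from Crypto++'s RandomNumberGenerator; WordOrientedRng and first_bytes are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

// Stand-alone model of a word-oriented generator (hypothetical class).
class WordOrientedRng {
public:
    explicit WordOrientedRng(std::uint32_t seed = 5489u) : mt_(seed) {}

    std::uint32_t GenerateWord32() { return static_cast<std::uint32_t>(mt_()); }

    // Every started word is consumed whole, and bytes are emitted most
    // significant first, so 1-, 2-, 3- and 4-byte requests are all prefixes
    // of what GenerateWord32 would have returned.
    void GenerateBlock(std::uint8_t* out, std::size_t size) {
        while (size > 0) {
            const std::uint32_t w = static_cast<std::uint32_t>(mt_());
            const std::size_t n = size < 4 ? size : 4;
            for (std::size_t i = 0; i < n; ++i)
                out[i] = static_cast<std::uint8_t>(w >> (24 - 8 * i));
            out += n;
            size -= n;
        }
    }

    // Discard takes a byte count but drops whole words: round up first.
    void Discard(std::size_t bytes) { mt_.discard((bytes + 3) / 4); }

private:
    std::mt19937 mt_;
};

// n bytes from a freshly constructed generator (helper for the checks).
std::vector<std::uint8_t> first_bytes(std::size_t n) {
    WordOrientedRng rng;
    std::vector<std::uint8_t> buf(n);
    rng.GenerateBlock(buf.data(), n);
    return buf;
}
```

A 1-byte GenerateBlock call and a 5-byte Discard therefore advance the generator by one and two words respectively, which is the behaviour to test for when porting a word-oriented generator behind a byte-oriented interface.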

Reproducibility

If you need a generator to reproduce results between runs, then you have three choices. First is to use LC_RNG, second is to use OFB_Mode<T>::Encryption or CTR_Mode<T>::Encryption, and third is to use AES_RNG. AES_RNG is not part of the Crypto++ library, but you can download it below.

OFB_Mode<T>::Encryption

OFB_Mode<T>::Encryption is used by the Crypto++ library in test.cpp to generate random numbers (where T is a block cipher like AES). The encryptor subscribes to the RandomNumberGenerator interface by way of AdditiveCipherTemplate<T>, so it can be used anywhere a Crypto++ generator is required.

Seeding occurs by keying the cipher. Keying the cipher with the same key and IV will produce the same bit stream. In the case of test.cpp, time is used, so the results can be reproduced using the same time string (the time used is printed to the console during a run of cryptest.exe v).

Note: other modes, like CBC and CFB, do not inherit from AdditiveCipherTemplate<T>, so they cannot be used as a random number generator.

An example of using OFB_Mode<T>::Encryption is shown below. Notice a random seed is fetched from the OS using OS_GenerateRandomBlock, and then the same seed is used to key the cipher in the loop.

Running the program produces results similar to below.

CTR_Mode<T>::Encryption

In addition to OFB_Mode<T>::Encryption, CTR_Mode<T>::Encryption (where T is a block cipher like AES) allows you to use the block cipher as a random number generator because CTR mode inherits from AdditiveCipherTemplate<T>. As with OFB mode, CTR mode seeding occurs by keying the cipher. Keying the cipher with the same key and IV will produce the same bit stream.

The sample code is left as an exercise to the reader, but it does not differ much from the example for OFB_Mode<T>::Encryption. Just copy and paste and it should work.

AES_RNG

The AES_RNG generator uses AES-256, and it will be strong enough to meet most needs as long as it's used correctly. It also allows you to use an arbitrarily sized seed because it relies upon SHA-512 to expand then extract entropy that is used to key the underlying cipher.

If you supply a seed, then the generator will always produce the same sequence because it forgoes calls to time when generating a sequence. Repeating a sequence would usually be considered 'using the generator incorrectly'. If you don't provide a seed to the constructor, then the generator will use OS_GenerateRandomBlock and each run will produce different results. This is usually considered 'using the generator correctly'.

An example of using AES_RNG is shown below. Notice a random seed is fetched from the OS using OS_GenerateRandomBlock, and then the same seed is used in the AES_RNG constructor within the loop.

Running the program produces results similar to below.

Test Suite and GlobalRNG

The test and validation suites use GlobalRNG declared in validate.h and defined in test.cpp. GlobalRNG is simply a function:

Before using GlobalRNG, the test suite seeds the generator like so:

You should not use the test suite's GlobalRNG because you will have undefined symbol errors during link since your project does not include the test.cpp source file from the test suite.

Alternate Generators

If you need a generator similar in form and function to GlobalRNG, then use an AutoSeededRandomPool. It's one of the easiest generators to use safely.

You can also copy/paste the code above into your project. Be aware of the pitfalls in making s_globalRNG static, especially if it's being used in other compilation units. If you want to avoid the C++ static initialization problems, then don't use the generator across translation units. Instead, create a local RNG in a function when it's needed. Also see Static Initialization Order Fiasco on the wiki.

Windows Phone 8 and Windows Store 8

Crypto++ is multi-platform, and the platforms include traditional Windows desktops and servers. Crypto++ 5.6.4 increased support for Windows Phone, Windows Store and Universal Windows Platform (UWP). Improved support includes better platform integration and specialized ARM implementations. Also see Issue 143: Support for Universal Windows Platform (UWP) and Issue 164: Need NonblockingRng based on BCryptGenRandom for Windows on the GitHub bug tracker.

Random numbers can be a problem on Windows Phone 8 and Windows Store 8 because Microsoft does not provide a way for the library to obtain random numbers for its AutoSeeded generators. The coverage of the WinCrypt API and CryptoNG API simply has a big hole at Windows Phone 8 and Windows Store 8.

When compiling osrng.cpp you may see the following warning:

Remediations

There are a few ways to approach the Windows Phone 8 and Windows Store 8 gaps. First, you can abandon the platform. This appears to be the strategy used by Microsoft.

Second, you can call the managed CryptographicBuffer.GenerateRandom method for random numbers. You can also instantiate a non-AutoSeeded generator and seed it from CryptographicBuffer.GenerateRandom.

Third, you can set WINVER or _WIN32_WINNT to 0x0A00. 0x0A00 is Windows 10, and it signals Windows Phone 10, Windows Store 10 and Windows Universal Platform. Microsoft provides Bcrypt for this platform, so the library can obtain random numbers without the need for the managed CryptographicBuffer.GenerateRandom.

Fourth, you can sample sensor data and use the sampled data as the seed to a non-AutoSeeded generator. If you select this option, then be sure to extract entropy with a function like HKDF. Also be aware that sensors vary among devices: some devices are sensor rich, and other devices are sensor anemic. Anemic devices usually have one sensor, and it's an accelerometer for gaming. Examples of using this technique are available for Android and iOS, but not Windows Phone and Windows Store. Also see Android Activity on the Crypto++ wiki.

Sample Programs

LCG.zip - Demonstrates using the Linear Congruential PRNG to generate pseudo random bytes

RandomPool.zip - Demonstrates using a RandomPool to generate pseudo random bytes

AutoSeededX917.zip - Demonstrates using an AutoSeededX917RNG to generate pseudo random bytes

ASRP.zip - Demonstrates using an AutoSeededRandomPool to generate pseudo random bytes

AES_RNG.zip - AES-256 based random number generator that produces the same bit stream when the same seed is used in the constructor.

mersenne.zip - patch to provide Mersenne Twister implementation for Crypto++.
