Calling math.randomseed( os.time() ) usually ensures that any subsequent use of math.random() will be more random. However, once the seed is known, guessing the number you’re going to get from math.random() is easy. Normally this wouldn’t be a problem if you’re calling randomseed when the server initializes.
My question is now, if you’re using math.random() to secure certain things, is it better to use something like the following:
while true do
    wait(1)
    math.randomseed(os.time())
end
Does calling this function put a lot of stress on the game? If not, is it even necessary to call it more than once in the first place, or is the one time enough?
Calling randomseed on a regular interval and seeding it with the current time simply makes it easier to guess what the seed is. I wouldn’t recommend doing this. There is likely negligible performance overhead in calling it frequently (likely just setting a single state value), but for the above reason calling it only once is best.
Now that I think about it, you’re right. An exploiter can just grab os.time() as the seed and it’d always work. It’d have to be wait(math.random(n,n+10)) or something like that (not that it matters now since we’ve decided calling it once would suffice).
Use the Random object. If you provide it with no argument for the seed it is documented that it will use an internal source of entropy for generating a (supposedly) secure seed.
Huh. Never heard of the Random object. After looking at its documentation, that’s probably what I’ll end up using. I’d mark yours as the solution, but it’s not necessarily aligned with this thread’s question.
Thanks for the information! Random.new() seems pretty straightforward.
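The point made in the replies above, shown as an added example that is not part of any post in the thread: it measures how few values a token can take when the generator is seeded from os.time(), and contrasts that with an unseeded Random object. It assumes a Roblox server Script (Luau); TOKEN_LEN, WINDOW and the 137-second offset are constructed values.

```lua
-- Added example, not code from the thread. Luau, run as a server Script in Roblox Studio.
local TOKEN_LEN = 6   -- constructed: digits in a code the server wants to keep unguessable
local WINDOW = 300    -- constructed: seconds of uncertainty about when seeding happened

-- Build a digit string from any function that returns an integer in [0, 9].
local function makeToken(nextDigit)
	local digits = {}
	for i = 1, TOKEN_LEN do
		digits[i] = nextDigit()
	end
	return table.concat(digits)
end

-- Weak pattern from the question: the token is fully determined by the timestamp seed.
local function tokenFromTimeSeed(seed)
	math.randomseed(seed)
	return makeToken(function()
		return math.random(0, 9)
	end)
end

-- Measure the effective keyspace: every token a time seed in the window could produce.
local function reachableTokens(now, window)
	local reachable, count = {}, 0
	for seed = now - window, now do
		local token = tokenFromTimeSeed(seed)
		if not reachable[token] then
			reachable[token] = seed
			count += 1
		end
	end
	return reachable, count
end

local now = os.time()
local weakToken = tokenFromTimeSeed(now - 137) -- constructed: server seeded 137 s ago
local reachable, count = reachableTokens(now, WINDOW)
print(("time-seeded: %d reachable tokens out of %d possible"):format(count, 10 ^ TOKEN_LEN))
print("weak token is in the reachable set:", reachable[weakToken] ~= nil)

-- Recommended in the thread: create one Random with no seed and reuse it.
-- With no argument the seed comes from an internal entropy source, not the clock.
local rng = Random.new()
local strongToken = makeToken(function()
	return rng:NextInteger(0, 9)
end)
print("entropy-seeded token is in the reachable set:", reachable[strongToken] ~= nil)
-- A match here would be coincidence: the window covers at most WINDOW + 1 tokens.
```

Random is still a general-purpose pseudorandom generator; creating it without a seed removes the guessable timestamp, which is the weakness this thread discusses.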