Why would I use an external random number generator (RNG) instead of my own?
Our RNG is a cryptographically secure, NIST certified random number generator. This means that you save the trouble given by having to certify your own RNG. We can provide the full trust chain between our source code and the NIST certification of our RNG to our Pro clients.
Another reason is that generating large quantities of random numbers is CPU and memory intensive, and storing all these numbers on disk can also be disk intensive. This can impair the performance of small web servers and could mean you may have to upgrade your server for the only purpose of generating random numbers. Using our CSRNG Pro service can help you save a lot just by outsourcing this function.
How do you generate random numbers?
Our servers are running PHP 7 on Windows 2012 servers, a not very popular setup (called WIMP for Windows, IIS, MySQL, PHP), and the random_int() function of PHP is using the CryptGenRandom Windows function, which in turn is certified by the NIST as a truly random cryptographic level RNG.
Can you provide the “NIST certified” documentation?
The chain of trust between our RNG and the NIST certification goes as follows:
- We use the random_int() PHP 7 function to generate random numbers. As stated in the PHP documentation, when PHP runs on IIS / Windows, random_int() uses the CryptGenRandom function.
- As stated in this Microsoft document published by the NIST (See page 15, at 7.2.5), CryptGenRandom forwards the call to the FIPS approved bcryptprimitives.dll RNG library
- As listed here on the NIST website (certificate #1892), the bcryptprimitives.dll RNG is certified to FIPS 140-2 level
- Finally, the official NIST consolidated certificate listing can be found here.
How fast can you generate random numbers?
Using our CSRNG Pro version, we can generate about 1,000,000 non-unique random numbers within 3 seconds. However, the part taking the most time is the network data transfer between our servers and the host requesting it (1,000,000 numbers can take around 15MB). Generating unique random numbers takes more time, since we have to loop more times through the RNG to get all unique values. It can take up to 10 seconds to generate 100,000 unique numbers in a scope of 133,333 possibilities (the worst possible case)
Do you provide assistance in setting up the API
You can get help in our Documentation section