Random Number Generator

A random number generator is a mathematical algorithm or hardware device designed to produce a sequence of numbers that lacks any predictable pattern. This technology forms the invisible bedrock of modern digital life, securing trillions of dollars in encrypted financial transactions, ensuring fairness in video games and lotteries, and powering complex scientific simulations that model everything from climate change to molecular biology. By reading this comprehensive guide, you will master the mechanics of both true and pseudo-randomness, understand the exact mathematics used to generate these numbers, and learn how to implement expert-level randomization strategies in real-world applications.

What It Is and Why It Matters

At its most fundamental level, a random number generator (RNG) is a system that outputs a value chosen from a specified pool of possibilities, where every potential outcome has a mathematically defined probability of occurring, and no outcome can be predicted based on previous outputs. To understand why this is a profound technological challenge, you must understand a core paradox of computer science: computers are strictly deterministic machines. A computer is designed to follow explicit instructions, take specific inputs, and produce the exact same output every single time. Asking a deterministic machine to do something completely unpredictable is fundamentally contradictory. Therefore, engineers and mathematicians have had to invent incredibly clever workarounds to simulate or capture true unpredictability.

The necessity of random number generation cannot be overstated, as it solves critical problems across three major domains: security, simulation, and fairness. In the realm of cybersecurity, every time you log into your bank account or send an encrypted message, an RNG creates a unique, temporary cryptographic key. If an attacker could predict the numbers generated by your computer, they could easily decrypt your private data. In the scientific community, researchers use random numbers to power Monte Carlo simulations. These simulations rely on millions of random data points to calculate probabilities in highly complex systems, such as predicting the path of a hurricane or determining the risk of a stock portfolio. Finally, in gaming, gambling, and lotteries, RNGs are the sole mechanism guaranteeing that a slot machine payout, a deck shuffle, or a rare item drop is statistically fair and immune to manipulation. Without robust random number generators, the modern internet would be entirely insecure, scientific modeling would stall, and digital fairness would be impossible.

History and Origin of Random Number Generation

The human quest for randomness dates back millennia, long before the invention of microchips. Around 3000 BC, ancient civilizations in Mesopotamia and Egypt utilized early randomization tools like astragali (knucklebones of sheep) and multi-sided dice carved from bone or wood to make decisions, divine the future, and play board games like the Royal Game of Ur. In ancient China, practitioners of the I Ching used the complex manipulation of 50 yarrow stalks to generate random hexagrams for divination. For centuries, these physical methods were sufficient. However, as the scientific revolution dawned and statistics emerged as a formal mathematical discipline in the 19th century, researchers realized they needed vast quantities of random numbers that physical dice could not efficiently provide. In 1890, the British polymath Francis Galton designed a specialized set of dice to generate random numbers for scientific sampling, but the process remained painstakingly slow.

The modern era of random number generation officially began in 1927 when L.H.C. Tippett published a book containing 41,600 random digits, which he generated by taking numbers from census registers. This was followed by the RAND Corporation's seminal 1955 publication, "A Million Random Digits with 100,000 Normal Deviates." To create this book, RAND engineers built an electronic roulette wheel connected to a computer, generating numbers that researchers worldwide used for decades. However, looking up numbers in a physical book was vastly inefficient for the new electronic computers of the 1940s.

In 1946, the brilliant mathematician John von Neumann proposed the first algorithmic approach to random number generation for the ENIAC computer: the "middle-square" method. Von Neumann's algorithm took a number, squared it, and extracted the middle digits to serve as the next number. While revolutionary, von Neumann himself recognized the philosophical flaw in his invention, famously stating in 1951, "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." The middle-square method was quickly replaced by D.H. Lehmer's Linear Congruential Generator in 1951, a mathematical formula that remains in use today and laid the groundwork for the highly complex algorithms powering modern software.

Key Concepts and Terminology

To understand random number generation deeply, you must master the specialized vocabulary used by cryptographers and software engineers. Without a firm grasp of these terms, the mechanics of how these systems function will remain opaque.

Seed

A seed is the initial starting value inputted into a pseudo-random number generator algorithm. Because algorithms are strictly deterministic, the seed dictates the entire sequence of numbers that follows. If you provide a pseudo-random number generator with the seed 12345, it will output a specific sequence (e.g., 8, 42, 19, 7...). If you restart the generator and provide the exact same seed of 12345, it will output the exact same sequence. Therefore, the security of a pseudo-random sequence relies entirely on the unpredictability of the seed.

Entropy

In the context of computing, entropy is a measure of the unpredictability or true randomness available to a system. Computers gather entropy from unpredictable physical events occurring inside or outside the machine. This can include the exact microsecond timing of a user's keystrokes, the microscopic fluctuations in temperature of the CPU, or the static noise generated by a microphone. High-entropy data is essential for creating secure seeds.

Period

The period is the length of the sequence a pseudo-random number generator can produce before it inevitably begins to repeat itself. Because computers have finite memory, any mathematical algorithm will eventually loop back to its starting state. A generator with a period of $100$ will repeat its exact sequence after 100 numbers. Modern, high-quality algorithms have astronomically large periods; the industry standard Mersenne Twister has a period of $2^{19937}-1$, a number so large it exceeds the number of atoms in the observable universe.

Uniform Distribution

Uniform distribution describes a sequence of random numbers where every possible value within a given range has an exactly equal probability of being selected. If you are generating a number between 1 and 10, a uniform distribution ensures that the number 7 has precisely a 10% chance of appearing, just like the number 2. Most standard random number generators output numbers in a uniform distribution, which can later be mathematically transformed into other distributions (like a bell curve or normal distribution) if required by the programmer.

Types, Variations, and Methods: PRNGs vs. TRNGs

The world of random number generation is strictly divided into two primary categories, each utilizing entirely different mechanisms and solving entirely different problems. Understanding the distinction between True Random Number Generators (TRNGs) and Pseudo-Random Number Generators (PRNGs) is the most critical concept in this field.

Pseudo-Random Number Generators (PRNGs)

PRNGs are software algorithms. They rely on mathematical formulas to produce sequences of numbers that only appear random. They start with a seed value and apply a complex equation to generate the next number, using that new number as the basis for the subsequent calculation. PRNGs are incredibly fast, capable of generating billions of numbers per second, and require no special hardware. However, because they are entirely deterministic, they are highly predictable if an attacker discovers the seed value or reverse-engineers the algorithm's internal state. Therefore, standard PRNGs are used for non-security tasks: video games, statistical sampling, procedural generation in computer graphics, and basic simulations.

True Random Number Generators (TRNGs)

TRNGs do not rely on mathematical formulas; instead, they extract randomness from physical phenomena occurring in the real world. A TRNG utilizes hardware sensors to measure microscopic, inherently unpredictable physical processes. Common sources include atmospheric noise, thermal noise (the random movement of electrons in a resistor), or quantum phenomena such as the radioactive decay of isotopes or the behavior of photons hitting a semi-transparent mirror. Because these physical processes are non-deterministic according to the laws of quantum mechanics and thermodynamics, the numbers they generate are fundamentally impossible to predict, even if an attacker has infinite computing power. TRNGs are slower and more expensive to implement than PRNGs, making them reserved for high-stakes cryptographic key generation and secure lottery draws.

Cryptographically Secure Pseudo-Random Number Generators (CSPRNGs)

A CSPRNG is a hybrid approach that bridges the gap between the speed of a PRNG and the security of a TRNG. A CSPRNG is a mathematical algorithm, but it is specifically designed to withstand intense cryptographic attack. It works by taking a highly unpredictable seed generated by a hardware TRNG (entropy) and using complex cryptographic ciphers (like AES or ChaCha20) to expand that seed into a long stream of numbers. The mathematical requirement for a CSPRNG is the "next-bit test": even if an attacker knows the first 1,000,000 bits of the sequence, they must have no better than a 50% chance of guessing the 1,000,001st bit. CSPRNGs are the standard for secure web browsing (SSL/TLS), password hashing, and secure token generation.

How It Works — Step by Step (The Math Behind PRNGs)

To truly understand how a deterministic machine creates the illusion of randomness, we must examine the mathematics of a foundational algorithm. The most famous, widely taught, and historically significant PRNG is the Linear Congruential Generator (LCG). First proposed in 1951, the LCG relies on modular arithmetic to scramble numbers.

The LCG operates using a single, elegant mathematical recurrence relation: $X_{n+1} = (a \times X_n + c) \pmod m$

Here is the exact definition of every variable in this formula:

• $X_{n+1}$: The new random number being generated.
• $X_n$: The previous random number (or, for the very first calculation, the initial seed).
• $a$: The multiplier (a constant integer chosen by the programmer).
• $c$: The increment (a constant integer chosen by the programmer).
• $m$: The modulus (a constant integer chosen by the programmer, representing the maximum possible number of distinct values the generator can output).
• $\pmod m$: The modulo operation. This means you divide the result of $(a \times X_n + c)$ by $m$ and keep only the remainder.

Full Worked Example

Let us build a functional Linear Congruential Generator on paper. We will choose small numbers to make the math transparent. We will set our parameters as follows:

• Modulus ($m$) = 16 (Our numbers will range from 0 to 15)
• Multiplier ($a$) = 5
• Increment ($c$) = 3
• Initial Seed ($X_0$) = 7

Step 1: Generating the first number ($X_1$) We plug our seed ($X_0 = 7$) into the formula: $X_1 = (5 \times 7 + 3) \pmod{16}$ $X_1 = (35 + 3) \pmod{16}$ $X_1 = 38 \pmod{16}$ To find $38 \pmod{16}$, we divide 38 by 16. 16 goes into 38 two times ($16 \times 2 = 32$), leaving a remainder of 6. Result: Our first random number is 6.

Step 2: Generating the second number ($X_2$) We take our previous result ($X_1 = 6$) and plug it back into the formula: $X_2 = (5 \times 6 + 3) \pmod{16}$ $X_2 = (30 + 3) \pmod{16}$ $X_2 = 33 \pmod{16}$ Divide 33 by 16. It goes in twice (32), leaving a remainder of 1. Result: Our second random number is 1.

Step 3: Generating the third number ($X_3$) We take our previous result ($X_2 = 1$) and plug it in: $X_3 = (5 \times 1 + 3) \pmod{16}$ $X_3 = (5 + 3) \pmod{16}$ $X_3 = 8 \pmod{16}$ Divide 8 by 16. It goes in zero times, leaving a remainder of 8. Result: Our third random number is 8.

From a starting seed of 7, our algorithm has generated the sequence: 6, 1, 8. While this math is simple, when an LCG is scaled up using a modulus of $2^{31}-1$ (2,147,483,647) and a massive multiplier, the resulting sequence of remainders bounces wildly and unpredictably across a vast range of numbers, successfully simulating randomness for basic applications.

Advanced Algorithms: The Mersenne Twister and Beyond

While the Linear Congruential Generator is excellent for educational purposes, it possesses severe statistical flaws. If you plot the outputs of an LCG on a 3D graph, the numbers align into distinct, predictable planes—a phenomenon known as the Marsaglia Effect. Because of this flaw, modern computer science required a more robust solution. In 1997, Japanese mathematicians Makoto Matsumoto and Takuji Nishimura published the Mersenne Twister (specifically the MT19937 variant), which fundamentally revolutionized software random number generation.

The Mersenne Twister derives its name from the fact that its period length is a Mersenne prime—specifically, $2^{19937}-1$. This period is so astronomically vast that if a computer generated a billion numbers a second since the Big Bang, it would not even come close to repeating the sequence. The algorithm works by maintaining a large internal state array of 624 32-bit integers. It uses bitwise operations—shifting binary bits left and right, and using XOR (exclusive OR) logic gates—to "twist" these numbers together, extracting highly uniform random numbers. Because it relies on fast bitwise operations rather than heavy division or multiplication, it is incredibly fast. Today, the Mersenne Twister is the default PRNG in Python, Ruby, PHP, Excel, and C++.

However, the field continues to evolve. In 2014, Melissa O'Neill introduced the PCG (Permuted Congruential Generator) family of algorithms. PCG addresses the main criticism of the Mersenne Twister: its massive memory footprint (2.5 kilobytes of state) and its slow recovery from poor initial seeds. PCG uses a standard LCG at its core to advance its internal state, but applies complex cryptographic-style permutations to the output. This results in an algorithm that is faster than the Mersenne Twister, requires only a few bytes of memory, and passes the most rigorous statistical tests available. Modern languages like Rust and Go have begun adopting PCG or similar algorithms as their default generators.

Real-World Examples and Applications

To understand the practical utility of random number generators, we must examine how specific industries deploy these algorithms to solve tangible problems. The applications range from high-stakes financial security to the fundamental mechanics of the video game industry.

Scenario 1: State Lotteries and Gambling

Consider the US Powerball lottery, where a player must match 5 white balls (drawn from 1 to 69) and 1 red ball (drawn from 1 to 26). The odds of winning the jackpot are exactly 1 in 292,201,338. Historically, lotteries used physical tumbling machines with ping-pong balls. Today, many state lotteries and all digital slot machines use specialized TRNG hardware. A digital slot machine continuously generates thousands of random numbers per second, even when nobody is playing. The exact millisecond a player presses the "Spin" button, the machine grabs the most recently generated number, divides it by the number of possible reel combinations, and uses the remainder to determine the exact symbols displayed on the screen. This continuous generation guarantees that the outcome is entirely dependent on the exact microsecond the button was pushed.

Scenario 2: Cryptography and Secure Communications

Imagine a 35-year-old financial analyst logging into their bank portal to wire $85,000. When their browser connects to the bank's server, the two computers must establish a secure, encrypted connection using the TLS (Transport Layer Security) protocol. To do this, the bank's server uses a CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) to generate a unique 256-bit symmetric encryption key. A 256-bit key is a random string of 256 ones and zeros, representing $1.15 \times 10^{77}$ possible combinations. The CSPRNG pulls entropy from the server's hardware (disk read times, network packet arrival times) to seed the algorithm. Without this flawless randomness, a hacker monitoring the Wi-Fi network could mathematically deduce the key and steal the $85,000.

Scenario 3: Monte Carlo Simulations in Finance

A quantitative developer working at a hedge fund needs to price a complex European options contract. Because the future movement of the stock market is uncertain, the developer uses a Monte Carlo simulation. They write a program that uses a PRNG (like the Mersenne Twister) to generate 100,000 random potential future price paths for the stock over the next 365 days, based on the stock's historical volatility. The PRNG provides the randomized daily price fluctuations. The program then calculates the option's payoff at the end of each of the 100,000 simulated paths and averages the results. This average provides a highly accurate, mathematically sound current price for the options contract.

Common Mistakes and Misconceptions

Because human brains are evolutionarily hardwired to find patterns, our intuitive understanding of randomness is notoriously flawed. This leads to several pervasive misconceptions regarding how random number generators work and what true randomness actually looks like.

The most common misconception is the belief that "random" means "evenly distributed without streaks." In reality, true randomness contains frequent clusters and streaks. If you flip a fair coin 100 times, there is a 97% probability that you will see a streak of five heads or five tails in a row. When Apple first introduced the "Shuffle" feature on the iPod, they used a true random number generator to select the next song. Users complained bitterly, claiming the algorithm was broken because it would frequently play two songs by the same artist back-to-back. Apple had to rewrite their algorithm to make it less mathematically random and more artificially uniform to satisfy the human expectation of randomness.

Another critical mistake made by junior software developers is using standard PRNGs for security purposes. A developer might use a built-in function like Math.random() in JavaScript to generate a temporary password or a password reset token. Functions like Math.random() are designed for speed, not security; their internal state can often be deduced after observing just a few outputs. In 2013, developers of the Android Bitcoin wallet app used a weak PRNG to generate the cryptographic signatures for Bitcoin transactions. Hackers were able to reverse-engineer the predictable random numbers, deduce the users' private keys, and steal millions of dollars in cryptocurrency. Standard PRNGs must never be used in contexts where an adversary might benefit from predicting the outcome.

Best Practices and Expert Strategies

Professional software engineers and cryptographers adhere to strict frameworks when implementing random number generation to ensure security, efficiency, and statistical validity. Mastering these best practices is what separates a novice programmer from a senior architect.

Utilizing the Operating System's Entropy Pool

Experts never attempt to write their own algorithms to gather entropy or generate seeds. Instead, they rely on the operating system, which constantly collects high-quality entropy from hardware interrupts and drivers. On Unix-based systems (Linux, macOS), developers read from the special file /dev/urandom. This file acts as an interface to the kernel's CSPRNG. It automatically gathers environmental noise, uses it to seed a secure cryptographic cipher, and streams out highly secure random bytes. Modern programming languages provide secure wrappers for this, such as os.urandom() in Python or SecureRandom in Java.

Avoiding Modulo Bias

A frequent technical error occurs when developers need a random number within a specific range (e.g., a number between 0 and 9) and attempt to use the modulo operator on a large random integer (e.g., random_integer % 10). If the maximum value of the random integer is not perfectly divisible by 10, this introduces "modulo bias." For example, if your generator outputs numbers from 0 to 12, and you use % 10, the numbers 0, 1, and 2 will have a 2/13 chance of appearing, while 3 through 9 will only have a 1/13 chance. Experts eliminate modulo bias using "rejection sampling." They generate a random number, and if it falls within the uneven upper bound of the generator's range, they simply discard it and generate a new number until they get one that falls within a perfectly divisible range.

Explicit Seeding for Reproducibility

In scientific research and software testing, unpredictability is actually a liability. If a data scientist is running a machine learning simulation that utilizes random numbers to initialize neural network weights, they must be able to reproduce their exact results to prove their findings. The expert strategy is to explicitly set a hardcoded seed at the beginning of the script (e.g., random.seed(42)). By doing this, the PRNG will output the exact same sequence of "random" numbers every single time the script runs, allowing other researchers to verify the exact behavior of the model.

Edge Cases, Limitations, and Pitfalls

Even the most robust random number generators have boundaries where their mathematical assumptions break down. Understanding these limitations is critical for systems operating at extreme scale or in constrained environments.

One major limitation occurs in Internet of Things (IoT) devices, such as smart thermostats or Wi-Fi security cameras. These devices utilize lightweight embedded processors that lack the complex hardware interfaces of a desktop computer (no hard drives, no human keystrokes). When an IoT device first boots up, its entropy pool is completely empty. If the device immediately attempts to generate a cryptographic key to connect to a secure server, the CSPRNG might be seeded with highly predictable data (like the exact time of boot, or the device's MAC address). Hackers routinely exploit this "boot-time entropy hole" to guess the cryptographic keys of IoT devices and hijack them into botnets. Engineers must mitigate this by saving a secure seed to the device's non-volatile memory before shutting down, using it to jumpstart the entropy pool on the next boot.

Another edge case involves the exhaustion of a PRNG's period in massive distributed computing. If a research team uses a supercomputer with 10,000 parallel processors to run a massive Monte Carlo simulation, and they naively seed a separate standard PRNG on each processor, there is a high statistical probability that the sequences of numbers generated by different processors will overlap. If Processor A generates the exact same sequence of random numbers as Processor B, the simulation's statistical validity is destroyed. To prevent this, researchers must use specialized algorithms like the PCG family, which support "streams." Streams allow a single algorithm to be mathematically partitioned into millions of distinct, non-overlapping sequences, ensuring that parallel processors never duplicate work.

Industry Standards and Benchmarks

Because verifying randomness is mathematically complex, the technology industry relies on rigorous standards published by government bodies and academic institutions. These benchmarks define what constitutes a statistically sound or cryptographically secure random number generator.

The most authoritative standard in the world is the National Institute of Standards and Technology (NIST) Special Publication 800-90A. This document provides the exact specifications for building Cryptographically Secure Pseudo-Random Number Generators approved for use by the US federal government. It mandates the use of specific cryptographic primitives, such as the Hash_DRBG (using SHA-256) or the CTR_DRBG (using AES encryption). Any software or hardware vendor wishing to sell secure systems to the government must prove their RNG complies with NIST SP 800-90A and undergoes certification under the FIPS 140-3 (Federal Information Processing Standards) program.

To test the statistical quality of standard PRNGs, mathematicians rely on massive, standardized test suites. The most famous historical suite is the "Diehard tests," developed by George Marsaglia in 1995. Diehard subjects a file of random numbers to complex statistical evaluations, such as the "Parking Lot Test" (plotting points to see if they crash into each other) and the "Craps Test" (simulating 200,000 games of craps to check the win rates). Today, Diehard has been superseded by TestU01, developed by Pierre L'Ecuyer in 2007. TestU01's most rigorous benchmark is the "Big Crush" suite, which subjects a generator to 106 distinct statistical tests, consuming billions of random numbers and taking hours to run. If an algorithm produces a p-value outside the acceptable range (typically $p < 0.001$ or $p > 0.999$) on any of these tests, it is considered statistically flawed.

Comparisons with Alternatives: Random vs. Quasi-Random

While standard random number generators are the default tool for most applications, they are not always the most efficient mathematical tool. In advanced computational mathematics, particularly high-dimensional integration and rendering, engineers frequently replace standard RNGs with Quasi-Random Number Generators (QRNGs).

Standard PRNGs generate independent numbers. As established earlier, this independence naturally leads to clustering; if you plot standard random points on a 2D square, you will see dense clumps of dots and wide, empty gaps. If you are using these points to sample an area (Monte Carlo integration), these clumps and gaps make your calculation highly inefficient, as you are over-sampling some areas and ignoring others.

Quasi-Random Number Generators (also known as Low-Discrepancy Sequences, such as the Sobol sequence or the Halton sequence) solve this problem. QRNGs do not generate truly independent random numbers. Instead, they generate sequences of numbers that are mathematically designed to avoid each other, actively seeking out the empty spaces in a dataset. If you plot quasi-random points on a square, they spread out perfectly, covering the area with highly uniform precision.

Comparison:

• Use Standard PRNGs when: You need unpredictability, fairness, or independence between events (e.g., shuffling a deck of cards, generating a cryptographic key, simulating a random walk).
• Use Quasi-Random Sequences when: You need to evenly sample a complex mathematical space as quickly as possible, and unpredictability does not matter (e.g., calculating the lighting paths in 3D computer graphics rendering, or pricing complex financial derivatives). Using a Sobol sequence in a financial Monte Carlo simulation can reduce the required computing time from hours to minutes because the algorithm converges on the correct answer exponentially faster than standard random sampling.

Frequently Asked Questions

Can a random number generator be hacked? Yes, but the method depends entirely on the type of generator. A standard PRNG (like those used in basic video games) can be trivially "hacked" if an attacker observes a few output numbers, reverse-engineers the mathematical formula, and calculates the internal state to predict all future numbers. A Cryptographically Secure PRNG cannot be mathematically predicted in this way. However, CSPRNGs can be hacked if the attacker compromises the physical hardware (e.g., reading the computer's memory to steal the seed) or if the software developer implements the generator poorly, such as failing to gather sufficient entropy during the system boot process.

What is a seed, and why do we need it? A seed is the initial numerical value fed into a pseudo-random number algorithm. Because computer algorithms are strictly deterministic (they follow rules exactly), they cannot create randomness out of thin air. They must have a starting point. The algorithm takes the seed and scrambles it mathematically to produce the first random number. We need seeds because they dictate the entire subsequent chain of numbers. If you know the seed, you know every number the generator will ever produce.

Why does my random number generator output the same sequence every time? This occurs because you are using a pseudo-random number generator and you are providing it with the exact same initial seed value every time your program runs. Many programming languages require you to explicitly initialize the generator with a changing value. To fix this, developers typically seed their PRNG using the current system time (e.g., the number of milliseconds elapsed since January 1, 1970). Because the exact millisecond you run the program is always different, the seed is different, resulting in a unique sequence of numbers on every execution.

Is the Mersenne Twister cryptographically secure? No, the Mersenne Twister is absolutely not cryptographically secure. Despite its massive period and excellent statistical distribution, its internal mathematical transformations are linear and easily reversible. If an attacker observes exactly 624 consecutive outputs from a standard MT19937 generator, they have enough information to completely reconstruct the algorithm's internal state array. From that moment on, they can perfectly predict every subsequent number the generator will produce. It should never be used for passwords, tokens, or encryption.

How do hardware random number generators work? Hardware True Random Number Generators (TRNGs) work by measuring microscopic physical phenomena that are inherently unpredictable according to the laws of physics. A common method involves measuring thermal noise: the random microscopic vibrations of electrons inside a semiconductor resistor caused by heat. An analog-to-digital converter measures the tiny voltage fluctuations caused by these vibrating electrons and translates those fluctuations into digital ones and zeros. Because the movement of the electrons is governed by quantum mechanics, the resulting numbers are fundamentally impossible to predict.

What is modulo bias? Modulo bias is a statistical flaw introduced when a programmer uses the modulo operator (%) to force a large random integer into a smaller range, and the maximum value of the random integer is not evenly divisible by the desired range. This results in the lower numbers in the target range appearing slightly more frequently than the higher numbers. While the bias might be mathematically tiny (e.g., a fraction of a percent), in high-volume applications like online poker or cryptography, this slight statistical edge can be exploited by attackers to break the system or gain an unfair advantage. It is mitigated by using rejection sampling.