Concatenating RNG with PRNG

ng flag

Is it secure to concatenate numbers from an RNG with numbers from a PRNG? I was thinking to throw a dice and use four outcomes to use as real random numbers, one outcome to change to the next permutation, and one outcome to add a pseudo-random number:

I generate a pseudo-random shuffled array from all permutations of the eyes:

shuffle([[1, 2, 3, 4, 5, 6], [1, 2, 3, 4, 6, 5], ...])

I choose the first permutation of the array. Then I throw a dice. If the position of the eyes in the permutation is 0 to 3, then I add the values 00, 01, 10, or 11 to the sequence according to the position. If the position of the value in the permutation is 4, I get 1 byte random from the PRNG (with node.js crypto.randomBytes function) and add it to the sequence. If the position of the value in the permutation is 5, then I get 2 bytes random from the PRNG and add it to the sequence. After each dice throw i change the permutation to a randomly chosen permutation. Repeating this, I would get about 25% RNG and 75% PRNG values. But the position of mixing would be random and depending on the eyes I dice.

Would this make the generated number more secure? Or is there a better way to mix these values? How does the percentage of the random number influence the quality of the total number?

Paul Uszak avatar
cn flag
What's a RNG????????
SAI Peregrinus avatar
si flag
Agreed with Paul here. You've got two PRNGs: a deterministic chaotic system (dice throw) and a deterministic CSPRNG . Quantum random sources might not be deterministic chaotic systems, and even if they are there's some non-local hidden variable that makes them indistinguishable from random. But the CSPRNG is computationally indistinguishable from random, so adding dice rolls won't improve anything.
fgrieu avatar
ng flag
By best guess is that the question uses "eyes" for the _number_ of dots on the upper face of the die after throwing it (rather than for the dots themselves); and uses "nodes" for what's more known as [Node.js]( (which has a [`crypto.randomBytes`](
Florat avatar
ng flag
So the question boils down to if I can simply concatenate two different sources of pseudo random numbers. There were bugs in implementations of computer randomness before and some people would feel more at ease when they know that a part of the randomness is controlled by another vector. This algorithm, without adding random bytes from the CSPRNG, should also generate random numbers of good quality. Really paranoid people could even throw different dices or even destroy the dices after generating the random number. This could even be incorporated into a ceremony.
Florat avatar
ng flag
I replaced the random bytes from the CSPRNG with the the time difference between dice throws. The computer adds random trough randomly choosing one of the permutations per dice throw, the dice can add random trough the number of eyes or trough the timing of dice throws. The dice adds 2 bits per four out of six dice throws and the timing adds 4 bits per two out of six dice throws. So the dice influences on average one half and the timing influences the other half of the generated random. An attacker would have to control the CSPRNG and know the timing and results of the dice throws.
I sit in a Tesla and translated this thread with Ai:


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.