Tags: c++, random, cryptography, crypto++

Is there a significant difference between using a built-in random number generator vs using a cryptographic random number generator?


I was going through the Crypto++ library RNG page and I was wondering whether there are any issues with using something like

 std::srand(std::time(nullptr)); //using the current time as seed 

compared to one of the RNGs in the crypto library?

I'm a beginner in cryptography, but one possible argument could be that the crypto RNG functions are collision resistant? However, I'm not sure how much better/stronger they are quantitatively.


Solution

  • Non-cryptographic "random" sources are not suitable for cryptographic purposes because, while they may produce values which are indeed different, the values may at least:

    • perhaps have a predictable seed (often the time - predicting when a program started can cut the real entropy down to a few orders of values)
    • perhaps rely on other low system entropy (consider a cloned VM between runs)
    • behave badly or be logically less-complex in different environments (perhaps they use size_t and then target a 16 or 32-bit microcontroller)
    • come from a quite limited pool (see DOOM m_random.c for an extreme case)
    • even if the pool is large, a subset of the results may be sufficient to predict upcoming values if the ordering is always the same
    • not be produced in constant time (potentially leaking information about internal state)
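The first bullet above (a predictable seed) is the one most easily shown in working code. What follows is an added example, not code from the question, the answer, or the Crypto++ project: a hypothetical "victim" that seeds `rand()` with `std::time(nullptr)` exactly as in the question, and an "attacker" that, knowing only roughly when the program started, brute-forces the seed window, reproduces the token, and predicts the victim's next output. The names `victim_token`, `recover_seed`, `predict_next` and `secure_token` are invented for the illustration; `secure_token` uses the standard library's `std::random_device` as the OS-backed alternative, since the Crypto++ classes themselves are not compiled here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <ctime>
#include <iostream>
#include <random>
#include <vector>

// Hypothetical victim: seeds the C library generator with the wall-clock
// time, as in the question, then builds a "token" from four rand() calls.
// Everything after srand() is a pure function of the seed.
std::vector<int> victim_token(unsigned seed, std::size_t words = 4) {
    std::srand(seed);
    std::vector<int> token;
    for (std::size_t i = 0; i < words; ++i) {
        token.push_back(std::rand());
    }
    return token;
}

// Attacker: knows roughly when the token was minted (e.g. from a log
// timestamp) and that the seed was std::time(nullptr). Re-runs the victim's
// own generator for every second in [guess - window, guess + window] and
// returns the seed that reproduces the observed token, or -1 if none does.
long long recover_seed(const std::vector<int>& observed, std::time_t guess, int window) {
    const long long centre = static_cast<long long>(guess);
    for (long long s = centre - window; s <= centre + window; ++s) {
        if (victim_token(static_cast<unsigned>(s), observed.size()) == observed) {
            return s;
        }
    }
    return -1;
}

// With the seed known, the attacker can replay the stream past what it has
// seen: skip the `consumed` values already handed out and return the next
// one, i.e. the victim's next token word before the victim generates it.
int predict_next(unsigned seed, std::size_t consumed) {
    std::srand(seed);
    for (std::size_t i = 0; i < consumed; ++i) {
        std::rand();
    }
    return std::rand();
}

// Standard-library alternative without a guessable seed: std::random_device
// reads the OS entropy source on mainstream toolchains (libstdc++, libc++,
// MSVC). Caveat: some old MinGW builds returned a fixed sequence, which is
// one reason to prefer a dedicated class such as Crypto++'s
// AutoSeededRandomPool in real code.
std::vector<std::uint8_t> secure_token(std::size_t nbytes) {
    std::random_device rd;
    std::vector<std::uint8_t> token(nbytes);
    for (std::size_t i = 0; i < nbytes; ++i) {
        token[i] = static_cast<std::uint8_t>(rd() & 0xFFu);  // low byte of each 32-bit word
    }
    return token;
}

int main() {
    // Constructed scenario: the victim mints a token now; the attacker's guess
    // of the start time is 5 seconds off and it searches a +/-30 s window.
    const std::time_t now = std::time(nullptr);
    const std::vector<int> token = victim_token(static_cast<unsigned>(now));

    const long long seed = recover_seed(token, now + 5, 30);
    std::cout << "recovered seed: " << seed << " (actual " << now << ")\n";
    if (seed >= 0) {
        std::cout << "victim's next value will be: "
                  << predict_next(static_cast<unsigned>(seed), token.size()) << "\n";
    }

    std::cout << "os-backed token bytes: ";
    for (std::uint8_t b : secure_token(16)) {
        std::cout << static_cast<int>(b) << ' ';
    }
    std::cout << '\n';
    return 0;
}
```

The search costs a few dozen `srand`/`rand` calls; even a window of a whole day is only 86,400 candidates, which is why a time seed contributes almost no real entropy against anyone who can narrow down when the process started. Replacing `rand()` with `std::mt19937` seeded the same way does not help: the seed space, not the generator, is the weakness.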