How significantly decreased is the entropy of rand() ^ rand()?

Assuming a language-agnostic setup in which the rand() function has a flawless implementation and returns a very large (let's say 128 bits), strong random unsigned integer, I should have fairly low chances of getting the same number twice considering the period of the RNG would be astronomically huge.

a = rand(); // very very low chances of getting twice the same number

However, if I XOR two such random integers, how significantly i开发者_开发百科s the entropy of the oputput decreased? In other words, how worse are the chances that such a function:

def xorRand(): return rand() ^ rand();

returns twice the same number, compared to my hypothetical rand() alone?

Suppose you had a 1-bit PRNG. The possible outcomes are:

1 ^ 1  -> 0
1 ^ 0  -> 1
0 ^ 1  -> 1
0 ^ 0  -> 0

So it looks to me as if it makes no difference.

If the rand() function is a good implementation as you said, there's no difference between using rand() or xorRand() except that the latter takes twice the time.

If all of the 128 output bits are used, rand() will return each number with the same probability, so it will have chance 1:2**128 to return the same number as before. Same for xorRand(), as the XOR function is "symmetric" and returns equally distributed outputs for two equally distributed inputs.

This will only change if you either use a bad rand() implementation or a different "assymetric" operator like AND.

Note that using xorRand() often will even improve entropy for bad rand() implementations, f.e. think of a rand() that alternately returns a good random number and 0.

By the way, if you want to prevent your random function to generate the same number twice, do it yourself, f.e. by using a shuffle algorithm. There are many SO questions and answers that deal with this (like this one).