The problem with C's rand() function that's always trumpeted as being a "bad RNG" is not because it doesn't have a fair distribution - it does, when used properly.
The problem with C's rand() function is that it's predictable, so it's unsuitable for cryptography. Your attack rolls do not need to be cryptographically secure. The same RNG is in use in most every computer game you've ever played.
A quick test case run with 5 million iterations generating a number between 1 and 20 using srand(time(NULL)) at the beginning of execution and ((rand()/RAND_MAX)*20+1) shows that each number comes up no more than 0.02% deviation from the appropriate 5% of the time. (This is on a Windows XP platform, using MSVC++ 2005)
The distribution is fair. If it seems like you're critting too infrequently, don't blame the RNG, take a look at the calculations to make sure that all the AAs you think you've got are actually implemented yet.
|