Domain: random.org
Stories and comments across the archive that link to random.org.
Comments · 99
-
Start with a good password
-
Re:Generators
https://www.random.org/passwor...
With a length of at least 10, preferably 20 or more.
I don't think so, for several reasons:
- A password should be hard to guess, but not so hard to remember that you start writing it down or use a password store (or SSO).
- Can we really trust a third party random password generator? How well designed is the algorithm? How well protected is the software from attack?
I tend to start with a word in an obscure language that I happen to know reasonably well and mangle the spelling a bit - like if you start with a word in Her Majesty's English, translate it into a regional dialect, and then "chenge ther spaling" to something that is more phonetic in your opinion. There are many languages, if you are keen on that sort of thing: Middle English, Sumerian, Inuit, Mayan, Swahili, ... It will take a while before the average cracker gets around to collecting dictionaries to cover them all. And one could start moving into the further reaches of Unicode as well. The point of this exercise is to avoid having to try to remember a string of meaningless characters that is difficult to type and impossible to pronounce, while being difficult to guess.
-
lies and statistics
The first thing you need to do is stop listening to statistics someone else faked.
Of all the various ways in which attackers can gain passwords, only two involve cracking them (brute-force and cracking a password database). One of them should be a non-issue, because any software or service that doesn't protect against brute-force is fundamentally broken and shouldn't be trusted with your password anyway. Make your password "a", save everyone the trouble. For a password database crack, firstly the security of the server already failed, and then you're at their mercy a second time because if the password is stored unencrypted, you're fucked. If the password is stored hashed but not salted, you are pretty much fucked. And if the password is properly hashed and salted, congratulations you have the one scenario where a good password actually matters.
In all other attacks on your password, from phishing to shoulder-surfing and keyloggers, it doesn't matter how good your password is, how long it is or how complex it is.
So, if you are really so concerned about the one scenario that you are ready to type V9AnKH5Crpfukuy5gAFB till the end of your days, go to https://www.random.org/passwor... and fire it up. Because all the hints you find on making a "good" password are also known to the people writing password crackers and coded into the perturbation algorithms. True randomness is your best bet.
The one thing that matters, and there's an article about it but I'm too lazy to google it, is length. Length > Complexity. "aaaaaaaaaaaaaaa" is more secure than any variation of 8 characters ever will be, simply because, at least until this post, no password cracker would run the chain like a, aa, aaa, aaaa, ... to arbitrary length.
IMHO, and I am an expert in the field and have given speeches about password security, forget all the "password complexity" rules, they are all bullshit. They're the safety net that makes sure that "password" is not a legal password on your system. But the world continuously invents better idiots, so "password1!" is and you're fucked anyway.
-
Re:Standard C library...
I'll give you an iPad that gives you a truly random result for only $1 million. It will just feed numbers from https://www.random.org/.
-
Re:Real nerd news. Reminds me of me.
I highlighted your comment, from "web-based to cosmic noise" and right-clicked on it. I then selected search and followed the very first link at Google. I then figured I'd find out if it was what you spoke of and search to see if they had a way to grab it by bash or Python from the terminal but, I digress.
Is this the service that you speak of?
https://www.random.org/history...
-
Re:Use computers instead?
This already exists. Use your smartphone's browser.
And I bet if you searched, you can find free apps that use data from random.org.
But most tabletop gamers prefer the heft and feel of real dice. It's much more fun to roll 6d6 for your mage's fireball than to punch a button on an app.
I recall one Car Wars head on collision where I got to roll 26 dice for damage. I had only brought 12 to the game, but wanted to roll 26d6 - when was I ever going to get another chance? We had to collect d6's from multiple people, and it was a big ol' handful of dice.
And yes, we both confettied.
-
Re:Entropy as a service
-
Re:Honestly ...
Legitimate question: Does https://www.random.org/ seem to be a good place to get *really* random numbers? I'm curious if it's suitable for reliable random number generation. Based on the site it seems so, but I was wondering if somebody smarter than me could answer that with some degree of confidence.
-
Re:Obligatory reminder that an alternative exists
That's at least three sorts of nonsense:
https://www.fourmilab.ch/hotbi...
The OS has no magic either, or are you saying that it's random seeds all the way down?
Rgds
Damon
Yes. There is for one thing dedicated random number hardware and there is hardware that can produce partially random data, such as network cards and radios, but the latter are only really good when combined with each other and with a random number tracker, which is something the OS can do.
-
Re:Obligatory reminder that an alternative exists
That's at least three sorts of nonsense:
https://www.fourmilab.ch/hotbi...
The OS has no magic either, or are you saying that it's random seeds all the way down?
Rgds
Damon
-
Re:No thanks
Obama was elected twice;
Hey, fool, didn't you know that the votes do nothing? Our representatives do not represent us, We live in a plutocracy. Besides, since the paper trail has been erased and our voting machines are hacked, we might as well just ask the head of CIA or NSA who they want to be the next president (Once CIA head said "Me" another time he said "My son", currently looks like NSA wanted the Obamas and spy-friendly Clintons before that).
Please do not insinuate that I have we citizens have any control over our government. We do not. They have gone rogue, and the only reason we don't revolt is because. "Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed." (from the US Declaration of Independence) We haven't quite suffered enough.
Fortunately our founding fathers gave us legal tools to use to replace our government without resorting to violent revolution (which the Pentagon has been gearing up to prevent, in the name of 'energy crisis' fears). We can fire congress and impeach the illegitimate presidents and judges; Failing this, we have the 2nd amendment.
Interesting thing about the 2nd amendment: Crypto was once classified as a munition (essentially), so we should have the right to bear Crypto. Failing that, we have shown in the past that the 1st amendment right to publish crypto program source code. So, Obama is going to have to stomp on our 1st amendment rights. You can make it illegal to encrypt my own data, but I can just as simply (and legally) store and publish gigs of random noise (indistinguishable from encrypted data). Good luck outlawing archives of atmospheric noise, or proving that such are not encrypted messages. Also, every communication could potentially contain steganographically encoded data. The message could be in the inflection of my words, or my choice of phrases, even without any encryption system in use. Point being: Outlawing current encryption methods will do absolutely nothing to thwart "terrorist" communications. Tell you what it will do though: Ensure whoever suggests such legislation is never at peace from the deluge of messages from nerds with phones, pens, and keyboards in reach.
The problem is you.
No, the problem is not me. It is possible to have a problem without being the cause of it, moron.
-
Re:They wanted to release this years ago...
Which means if they had meager 1,000 1.5Ghz machines at their disposal, they could have generated 1000 different facebookXXXXXXXX addresses in 25 days and picked the best one.
A thousand random 8-character strings didn't get me any cool names: http://www.random.org/strings/...
...but I'm pretty sure 1000x1.5Ghzx25d is on the low end of what Facebook can deliver for a project.
-
Re:Shocked I am! Shocked!
I've spent the past 5 years of my life fully employed in the design, creation, testing, and deployment of secure RNGs.
Citation needed. Seriously, this is /. where everyone is a world-class programmer (except me, of course).
The world is full of bad PRNGs, NRNGs, CSPRNGs, DRBGs, TRNGs and any other form of RNG.
I will grant you that one.
LibreSSL doesn't have a leg to stand on. A good secure RNG will return unpredictable output.
Bzzzzt! Sorry, you lose. As I have already said, this is not a LibreSSL problem - it's a Linux PRNG problem. Unless I am mistaken, the same issue is non-existent under OpenBSD, because its PRNG is different from Linux, better seeded and because PIDs are randomized under that OS.
We know how to do these things. It isn't trivial, but it isn't hard either.
You contradict yourself: if programming PRNGs is, let's say, a medium difficulty task (neither trivial nor too hard), how come you have spent years designing and programming PRNGs (your words, not mine) and how come the world is full of bad bad bad PRNGs? Surely, by now, everyone would have agreed on a reasonable implementation?
The truth is, PRNGs are HARD to program, because computers are not good at generating truly random numbers. Period. The best implementations all rely on some form of hardware generator. But don't take my word for it, go ahead and read this instead.
Allowing someone to extract predictable behavior from the service end of a security library is a gross failure and an exposition of incompetence.
As opposed to the magnificent job OpenSSL has done all these years, with information leakage, bug reports that went uncorrected for years and accumulated cruft for such modern OS as VMS, DOS and Windows 3.1?
I think you need to tone down the hysteria a notch right here.
-
Re:Random?
-
NSA Honeypot
The NSA has an innocent-looking honeypot right here for all you wise-guys.
If you want proper random numbers, get yourself a radioactive source.
-
Re:I was born in the wrong era...
Computers can pick totally random numbers, they're called TRNGs (True Random Number Generator) it's a basic requirement of a lot of cryptographic systems as any bias significantly weakens the system. The example Tepples posted with the least significant bit of an audio source is one example, another common one is the thermal noise from measuring temperatures of internal components. If for some reason a machine needs a lot of random numbers, more than these common sources can provide in a given time, then there are actually radioactive decay based random number generators available for computers- set it so there's a 50% chance of a GM tube detecting a decay event in a given (short) time and enjoy some true quantum random numbers, or just have a lot of thermal noise sensors in a single device.
Have a look at any of the discussions about how /dev/random works, or have a read of Random.org
Humans on the other hand can't produce truly random behavior, or at least that's the result of most studies- both clinical and ad hoc. Have a look at Is 17 the most random number? where people were asked to pick a number between 1 and 20. Our brains may actually have a mechanism to choose a totally random outcome from a series of possibilities, there's a lot of uncertainty still on how the brain works at the most fundamental levels, but trying to consciously choose a random decision involves filtering through all of the personal and cultural biases into the conscious mind it's nowhere near random. "A number from one to twenty? Hmm. Eight. Hold on, no, I live at number eight, and have been thinking about going home. Must remember to buy milk. Twenty? Too obvious, it's the top and is a crit on a d20 in D&D, everyone'll choose that. Nineteen? Bah, only thinking of that because I can't use twenty. Thirteen? Well, it would show that I'm not superstitious but it's still too obvious. I'll go for seventeen, no one will choose that!"
-
Re:Why is this an Ask Slashdot?
Here you go. That will show you the real time present stat.
-
Re:Arrow of Time...
Oh, many a shaft at random sent
Finds mark the archer little meant!
And many a word at random spoken
May soothe, or wound, a heart that's broken!
—Sir Walter Scott, Lord of the Isles
-
Re:nearly any input?
Whatever. I tried piping some input to it and it failed miserably.
Hmm, I don't know what the problem was. I tried random input and it worked great. Just like I expected it to. (:-)
-
nearly any input?
Whatever. I tried piping some input to it and it failed miserably.
-
Re:determinism
Anyway, how does the randomness that we see, such as nuclear decay, actually happen? Generating random numbers from a computer is impossible, and the current idea that the universe is deterministic with random elements seems a little contradictory to me.
Insufficient understanding or insufficient capability to completely model the system does not necessarily make it non-deterministic. That said, a computer can generate numbers as randomly as anything in the universe can be said to be random.
Of course if there is no free will I had to write this, and you had to have whatever reaction you are having to reading it.
Naturally.
-
Re:Wrong
The trouble with the pass phrase concept is that the whole words just become tokens. Most people's vocabulary is not that large.
That's why you use a standardized list of tokens (mostly words, but some non-word tokens as well) such as Diceware. With 7776 tokens, the keyspace is far larger than the "normal 7 character" password. The trick is to ensure that you are choosing the tokens randomly. You can use dice, your favorite random number generator, etc. I use several 4- and 5-token passphrases that I have remembered literally for years, each one unique. Type them enough times, and muscle memory takes care of the rest. Even after a period of non-use, it amazes me how my fingers will remember the passphrase but yet I can't recall the passphrase itself.
-
Re:Random is as random does
... both of which concluded that the numbers are sound....
If they are sound then why can't I hear them?
-
Better ways to do random
As a number of commenters have pointed out, /dev/random is actually way more random than what this article suggests doing. If you want stuff that actually is more random, or need a lot more random data, here are some options.
- Random.org provides random data generated by radio noise. You can get as much random data as you'd like. Gaming websites download their random data in 5MB chunks to use for card shuffles and dice rolls.
- HotBits is a similar idea, but uses radioactive decay instead of radio waves
- If you want to do it in house, you can do so with a smoke detector and a webcam. This was submitted to slashdot in 2006
- Finally, if you need a ton of random numbers, and they must be random, you can buy RNG hardware
What do I do? If I don't really care if it's random, I use the RPG from the programming language I'm using, or /dev/random. If I really, really care that it's random, I download a chunk of data off random.org, and either use that for the numbers, or use it to seed my RNG. For the most part, anything more than that is overkill.
-
computer music??
Do people actually enjoy this sort of thing? I listen to Boston - Tom Scholz made a point to put "no computers were made in the production of this album" This is how music should be: acoustic and awesome. oh and PS randomness is way easier to produce- http://www.random.org/ Mads Haahr does it with atmospheric noise. In fact, my high school science fair project involved proving it is a very easy thing to reproduce for personal use.
-
Re:Random is as random does
Q2.1: How can you be sure the numbers are really random?
Oddly enough, it is theoretically impossible to prove that a random number generator is really random.
-
Random is as random does
Q2.1: How can you be sure the numbers are really random?
Oddly enough, it is theoretically impossible to prove that a random number generator is really random. Rather, you analyse an increasing amount of numbers produced by a given generator, and depending on the results, your confidence in the generator increases (or decreases, as the case may be). This is explained in more detail on my Statistical Analysis page, which also contains two studies of the numbers generated by RANDOM.ORG, both of which concluded that the numbers are sound. In addition, the continually updated Real-Time Statistics page gives you an indication of the quality of the numbers produced over time.
-
RANDOM.ORG
http://www.random.org/randomness/ has a useful discussion of pseudo-random (program generated) versus "true" (aka physically generated) random numbers.
-
Re:Would MAC address filtering counter this proble
http://www.random.org/passwords/ has a fairly good pw generator. Make a bunch and pick 2 strung together.
-
Re:Boggles the mind
Only if you believe in a deterministic universe. Otherwise you get pretty good results with TRNG's and quantum mechanics.
http://www.random.org/randomness/
http://en.wikipedia.org/wiki/Quantum_cryptography
-
mirrored on random.org
Seems that random.org is hosting the keys at http://www.random.org/cgi-bin/randbyte?nbytes=16&format=h Hopefully sony will not sue them!!!!!11
-
Re:Previous Story
That's the problem with random numbers... you can never be sure.
-
RANDOM.ORG
RANDOM.ORG offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. People use RANDOM.ORG for holding drawings, lotteries and sweepstakes, to drive games and gambling sites, for scientific applications and for art and music. The service has existed since 1998 and was built and is being operated by Mads Haahr of the School of Computer Science and Statistics at Trinity College, Dublin in Ireland.
-
Dilbert regarding randomness
http://www.random.org/analysis/dilbert.jpg
I find randomness scary... like infinity...
-
Re:Encryption in space
It's interesting that for certain types of encryption we use random numbers generated from astronomical sources. What if all these so-called random numbers generated from so-called random noise, were instead the result of truly random encryption being sent out by alien civilizations. Haha, the irony.
-
Re:93% of Programmers Think You're Wrong
Actually I just tested this to be sure and it turned out you're the idiot.
Grab some coins and see for yourself.
I flipped a pair of coins 60 times and got the following results:
17 head/tail
17 tail/head
14 head/head
12 tail/tail
(perfect distribution should have been 15 for each, but this is pretty close for a sample size of just 60)
The 12 tail/tail tosses do not meet the condition "at least one of the coins is heads" so we eliminate them and we are left with 48 tosses:
17 head/tail (35.4%)
17 tail/head (35.4%)
14 head/head (29.1%)
(perfect distribution would have been 33% for each but again we're working with real-world data from a sample of only 60, so this is pretty close)
So, in 29.1% of tosses where at least one coin was heads, the other coin was heads as well. In 70.8% of tosses where at least one coin was heads, the other coin was not heads.
If I'd flipped a thousand times instead of just 60, it would have been very close to 33.3...% and 66.6...%
Try it out yourself... you can use http://www.random.org/coins/ for coin flipping.
I've also heard this stated in terms of a couple having boys & girls. If a couple has two children, and at least one of the children is a boy, what are the odds that both children are boys? Most people would say 1/2 but it's actually 1/3rd.
-
Re:A New Era In /. Efficiency
Great idea, but they already have a prototype in testing right now. Here is a sample discussion.
-
Re:Well at least you can say Moxie has Moxie.
Pfft, that's only pseudo random data, why settle when you can get true random data.
https://www.fourmilab.ch/hotbits/secure_generate.html
https://www.random.org/passwords/
-
Re:Oblig XKCD
Well, you can never be sure.
-
Re:The hiss is where it hides
-
Re: 7 vs 4 Shuffles
But maybe the "blockage" occurred purely by chance, even though you did shuffle well. ;-)
That's the problem with randomness... you can never be sure: http://www.random.org/analysis/dilbert.jpg
-
Re:You can get hard passwords
I got my random password here.
-
A little OT
Does anyone else think that "999" is too easy to hit accidentally? I wonder how many of these false calls were just little kids punching the numbers to play "music" or someone using the Dilbert random number generator. I think the USA's 911 is a better compromise.
-
Re:amusing
Including random chance (which everyone knows is seldom all that random.)
I agree.
-
Re:Oblig. XKCD
Oblig Dilbert: http://www.random.org/analysis/dilbert.jpg
-
The problem with random numbers
-
Re:random.org ?
I tried http://www.random.org/ and got http://ye6ts.78sy37.akiw92is/
What is going on?
-
Re:random.org ?
What do you have against plain text?
What is the use of having an html page generated, and then having to parse the page to analyze the tags and get the relevant part when you can have it directly in plain text?
Your url, with s/html/plain :
http://www.random.org/strings/?num=10&len=10&digits=on&unique=on&format=plain&rnd=new
-
Re:Wait...
Hope this wasn't posted yet. I wouldn't want to be redundant in a discussion about randomness...
-
Already some 'entropy pool' public servers...
There are various 'entropy pool' based servers out there such as mine at http://random.hd.org/ and also see for example http://www.random.org/
The existing public servers gather noise from various sources such as audio or radio or radioactive decay.
Rgds
Damon