Slashdot Mirror
LavaRnd: A Open Source Project for Truly Random Numbers
Phil Windley writes "Truly random numbers are crucial to good encryption.
Most people have heard of Silicon Graphic's use of Lava Lamps to generate random numbers. There were some problems: it required special SGI hardware and software along with six lava lamps, and the solution wasn't portable. But the biggest drawback was that SGI patented the idea so it wasn't freely available. Now, some of the scientists behind the SGI random number system have create LavaRnd, an open source project for creating truly random numbers using inexpensive cameras, open source code, and inexpensive hardware. The system uses a saturated CCD in a light-tight can as a chaotic source to produce the seed. Software processes the result into truly random numbers in a variety of formats. The result is a random number that is crytographically sound, ranking at the top of its class in the NIST 800-22 Billion bit test. Its even portable, so the truly paranoid can take it with them when they travel."
1, 2, 3, 4, 5, 6
Talk about random...
Anyway, my idea for an open source number generator is to have people on slashdot post the first number that comes to mind in this thread. I don't know if it could get more random.... (patent pending)
NMG
"But, sir, I need this lava lamp for my cubicle! It's required for encrypting our company's secrets. I also need the black light, for, uh... stopping pop-ups."
... "truly random numbers in a variety of formats" ...
Think about that for a second.
Site's already /.'ed.
You can nab the code off sourceforge though:
http://sourceforge.net/projects/lavarnd
That being said, could you not measure the exact voltage on a CPU, or the ambient temperature to several decimals, or other environmental conditions, then use that as a base?
***
Radio Shack. You've got questions...we've got blank stares(TM).
That ain't Pi! This is Pi!
3.141592653589793238462643383279502884197169399375 1058209749445923078164062862 08998628034825342117067982148086513282306647093844 6095505822317253594081284811 17450284102701938521105559644622948954930381964428 8109756659334461284756482337 86783165271201909145648566923460348610454326648213 3936072602491412737245870066 06315588174881520920962829254091715364367892590360 0113305305488204665213841469 51941511609433057270365759591953092186117381932611 7931051185480744623799627495 67351885752724891227938183011949129833673362440656 6430860213949463952247371907 02179860943702770539217176293176752384674818467669 4051320005681271452635608277 85771342757789609173637178721468440901224953430146 5495853710507922796892589235 42019956112129021960864034418159813629774771309960 5187072113499999983729780499 51059731732816096318595024459455346908302642522308 2533446850352619311881710100 03137838752886587533208381420617177669147303598253 4904287554687311595628638823 53787593751957781857780532171226806613001927876611 1959092164201989380952572010 65485863278865936153381827968230301952035301852968 9957736225994138912497217752 83479131515574857242454150695950829533116861727855 8890750983817546374649393192 55060400927701671139009848824012858361603563707660 1047101819429555961989467678 37449448255379774726847104047534646208046684259069 4912933136770289891521047521 62056966024058038150193511253382430035587640247496 4732639141992726042699227967 82354781636009341721641219924586315030286182974555 7067498385054945885869269956 90927210797509302955321165344987202755960236480665 4991198818347977535663698074 26542527862551818417574672890977772793800081647060 0161452491921732172147723501 41441973568548161361157352552133475741849468438523 3239073941433345477624168625 18983569485562099219222184272550254256887671790494 6016534668049886272327917860 85784383827967976681454100953883786360950680064225 1252051173929848960841284886 26945604241965285022210661186306744278622039194945 0471237137869609563643719172 87467764657573962413890865832645995813390478027590 0994657640789512694683983525 95709825822620522489407726719478268482601476990902 6401363944374553050682034962 52451749399651431429809190659250937221696461515709 8583874105978859597729754989 30161753928468138268683868942774155991855925245953 9594310499725246808459872736 44695848653836736222626099124608051243884390451244 1365497627807977156914359977 00129616089441694868555848406353422072225828488648 1584560285060168427394522674 67678895252138522549954666727823986456596116354886 2305774564980355936345681743 24112515076069479451096596094025228879710893145669 1368672287489405601015033086 17928680920874760917824938589009714909675985261365 5497818931297848216829989487 22658804857564014270477555132379641451523746234364 5428584447952658678210511413 54735739523113427166102135969536231442952484937187 1101457654035902799344037420 07310578539062198387447808478489683321445713868751 9435064302184531910484810053 70614680674919278191197939952061419663428754440643 7451237181921799983910159195 61814675142691239748940907186494231961567945208095 1465502252316038819301420937 62137855956638937787083039069792077346722182562599 6615014215030680384477345492 02605414665925201497442850732518666002132434088190 7104863317346496514539057962
I won't bore you with the laundry list of other problems that I've encountered while working on various SGI lava lamps, but suffice it to say there have been many, not the least of which is I've never seen a SGI lava lamp that has run faster than its 1960s counterpart,despite the SGI lamp's smaller viscosity. My lamp with runs faster than this SGI lamp at times. From a productivity standpoint, I don't get how people can claim that the SGI LavaRnd is a "superior" machine.
SGI addicts, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to use a SGI over other faster, cheaper, more stable systems.
...
...
start with radioactive material...
... hi bingo
A Open Source Project for Truly Random Numbers
cause random n's to be dropped from sentences ?
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Its even portable, so the truly paranoid can take it with them when they travel.
that if one were truly paranoid they really travel in this day and age?
I always wondered what was behind some of the moderation decisions I've been seeing!
Don't blame Durga. I voted for Centauri.
audio circuits often use diode junctions in reverse-breakdown mode as a source of "white noise". couldn't we computer folks do the same? seems a similar idea to the the dark CCD technique.
I'm not a math guy. At all.
So forgive me if this is dumb or not the right idea.
But why not just use a sensitive microphone listening to the ambience in a room to "seed" some sort of algorithm?
The only numbers that generates is 42,69,503,and 23. I figure in 2 more posts you might get 17 too.
-Looking for a job as a materials chemist or multivariat
For generating random numbers: A quarter in my pocket and a lot of free time.
I had a friend that 5 or 6 years ago used the "white noise" from his SB 16 to generate random numbers. Wouldn't this be much more portable than a lava lamp? -Matt
Lava lamps? Damn hippies.
Unless the random-number generator is built outside of our Universe, it can't generate truly random numbers. Only pseudo-random ones. As it stands, there will always be something influencing the result. Fortunately for us, pseudo-random numbers are impossible to differentiate from random ones and are random enough to serve our purposes anyway.
Support the First Amendment. Read at -1
I just used LavaRnd's Lotto Number Generator with default values and it returned:
1, 2, 3, 4, 5, 6
That's the same combination I use on my luggage!
going back to the original idea, how cool would it be to have a lava lamp inside the case, maybe helping out all those heatsinks by converting heat into lava-moving power...with a window so you can see it as it generated all the random numbers you needed.
"Anyone who considers arithmetical methods of producing random numbers is, of course, in a state of sin."
--John von Neumann
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
Best read in good ol' Monaco 9 point.
Nothing is truly random about a lava lamp, or even the fractals on a leaf. "Randomness" as we understand it has always been about complex order and large numbers. Meaning, it's too complex for us to see the pattern and the statistical possibility of numbers occuring in a measurable pattern over time is extremely low.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
The Apple ][ computers used the pause between keystrokes, measured much more precisely than necessary and disregarding all but the last 8 bits, as an attempt at an analog random number seed for their psuedorandom number generator. Very simple and effective and I haven't seen many implementations of better systems around. One side effect was that if you had a program which ran off the boot disk with no keystrokes, it would do the same thing every time, no matter how improbable that was...
It's psychosomatic. You need a lobotomy. I'll get a saw.
123456? That's the combination of my luggage. I need new luggage!!!
503 ;-)
>so the truly paranoid can take it with them when they travel."
pfftt, like there is anyone on Slashdot that is paranoid.
I've always wondered if the double-slit experiment, in a particle mode, would be a good way to generate random numbers.
The phenomena (for those unfamilar with it) is putting two closely-spaced slits in a piece of paper and then shining a light through it. You end up with a spreading fringe of light and dark patterns, as the light waves coming through the slits interfere with each other.
Where it gets spooky is when you drop the light source down to where it emits photons one at a time -- they *still* interfere with each other, even though there aren't any other photons present at any given point to interfere with.
Anyway, I seem to recall that the place where each photon ends up is random. So why not put a low-power, stream-of-single-photons light source on one side of the double-slit, and a pair of sensors on the other side? Label one sensor "0" and the other "1" and interpret the strings as binary numbers. Convert (and optionally send them through a bit blender) and you're done.
I'd think this could be manufactured in a small chip-like package, and made a standard motherboard component.
Has anyone investigated this approach? If so, I'd be curious to hear what their results were (and if it turns out not to be as random as one would like).
, no matter how improbable that was
Ford, you're turning into a penguin. Stop it.
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
This will produce a truly random signal (white noise) which is completely unpredictable. $0.05 solution + $2-5 in external components is all you need.
I'm not a radio expert... but theoretically, couldn't a system like that be attacked by beaming out a strong known signal with limited range on the frequencies (or possibly spill across a broad spectrum) utilized by the random system? Then the attacker could guess the random series since it forced the generator to use a known seed.
At least an optical system is tougher to interfere with since the local user knows what the camera is looking at.
======
In X-Windows the client serves YOU!
Answer: none of them were random; all of them chosen by you off the top of your head. There are important mathematical differences between these two cases. What you have given is sets of "arbitrary" numbers, rather than "random" numbers.
Now, if you'd asked which of the sets could be generated randomly, then the answer is all of them, given a generator function with the correct output range.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
What about radiation? I remember way back in physics using a piece of radioactive material in front of a sensor connected to a computer to generate a large number of random numbers. It would be fairly easy to use a small piece of Californium such as is in a smoke detector connected to a sensor. The time between radioactive particles should be random enough and it is small enough to fit anywhere.
Pi is exactly 3!
For more information, click here.
How about transmitting a signal through some form of changing medium? Really, with the lavalamp approach, all that fancy webcam stuff isn't needed. How about just using a lavalamp type setup with various different floating substances (density, reflectiveness, etc) and shooting some for of beam through it at various areas - calculating the number based on the returned signal?
You don't really need a lavalamp for this either, passing an electrical signal over a short arc-gap, perhaps filling with a changing substance would probably also product random voltage fluxation.
Of course, the real issue is making randomness with a large range (1-100% with many many decimal points) and a large enough variability (that is, any decimal number between 1-100% having an equal opportunity for occuring at any particular interval).
I'm thinking that in electrical and biochemical reactions there would also be a lot of randomness, the wide-universe and entropy and all considered?.
"The Antaur also ships with Via's "Padlock" feature, a random-number generator that actually produces "true" random numbers by measuring random components of the thermal energy produced by the chip, according to its designer, Glenn Henry. RNG generators can be used to develop true randomized cryptographic keys."
Actaully it can't change instantaneously (in no time), which shouldn't matter since you can't sample this analog source infinitely fine anyway. Provided your sampling period is large enough the samples could change from lowest to highest in a single sample.
the truly paranoid can take it with them when they travel.
Oh, that just what you'd want us to do isn't it???
JET Program: see Japan, meet intere
The original motivation for random number generators was simulation. One of the early mainframes, and I am afraid I forget which one, included a true random number generator. It was an unexpected disaster, totally unusable for simulation and other then-state-of-the-art users of random numbers. They were "too random".
It turns out that for an experiment to be useful it need to be repeatable. Thus, it was critical that users be able to repeat the sequence of "random" numbers. Thus the reason why all random number mechanisms permit you to set the seed... otherwise they could just use a sufficiently random seed and life would be good.
Another aspect of random number is that they must not only be "random", but they need to have a well defined distribution over the range of possible values. You might assume it is desirable to have a linear distribution, which IS useful in some settings, but other distributions ("bell curve", and exponential come to mind) are also extremely useful.
IF one has a real need for truly random numbers, the source for those number does need to perform to a certain distribution over the range of possible values. And it can not be used to the exclusion of the existing techniques which have been extremely useful in their intended problem domains. This is really just another case of a good solution in one problem domain being used in another without its underlying foundation being examined for applicability to that new problem domain.
[Patent Pending]
The system you propose is a form of one time pad. While it works in theory, it is not the application needed here. Random numbers are needed in streams where there can be no pattern known or logical pattern findable. How many ways can you think to scratch a CD? Up and down, right and left, circles? With this sort of information you could start to predict the general "form" of the number. Besides, when you need a stream of numbers it needs to change over time. The CD is scratch once use once.
When designing and building a physical cryptographic strong random number generator (CSRNG, not CSPRNG) you are looking for many things including:
* a uniform or near uniform distribution of the output.
* it must be unpredictable
* it should be very hard / impossible for attacker to influence the output of the CSRNG.
The first two are reasonably easy with physical RNG, but the last one is the kicker when it comes to actually implementing the CSRNG.
The attacker shouldn't be able to influence it by poking a pin-hole in the case (of a light sealed chamber around the CCD), or putting a heat source next a lava lamp (so the goo stays at the top)
Nearly every PC also has a sound interface that could also be used as a rich source of random seed bits. You don't even need a microphone; just crank up the gain and digitize the analog noise in the microphone preamp.
All you need a is good source of Brownian motion. Say a good hot cup of tea...
I assert that my comment is only my opinion, not that of any employer, past, present or future.
creating truly random numbers using inexpensive cameras
Fussy nitpick:
As a matter of principle we shouldn't talk about "true" random numbers. Even if you have a source of quantum randomness (the best you can do), in any practical scheme there will always be differences in how 0's and 1's are detected. The impact of these differences can be minimized through careful design, but they will always be there and will cause a departure from an exact 50/50 split of 0's and 1's.
For example, an attenuated laser passing through a simple 50/50 beamsplitter and into 2 single-photon detectors is far better than a lava lamp. But no beamsplitter is exactly 50/50, and this will cause an excess of 0's or 1's. (You could adjust the detection efficiency or optical alignment of the detectors to compensate, but the point is that this is a manual adjustment that will never result in exactly zero bias.) And no amount of algorithmic hashing or obfuscation can eliminate this bias (although it may reduce it significantly).
It will always be the case that any practical system for generating bit sequences of length N will never generate them with a frequency of exactly 2^(-N) each (in the limit of an infinite number of trials), and with zero correlation between successive bit sequences. "Truly" random numbers are an unattainable goal.
"Its even portable, so the truly paranoid can take it with them when they travel."
Which one of this is the most likely: - someone manages to get your low-class 'pseudo' random number by extrapolating the exact time of the system clock and the contents of your memory etc. and running it through the algorithem. Someone manages to predict or find your mouse movements by the indents on your mouse mat and the use this to get the same random number you created by moving the mouse in the box. Someone looks over your shoulder and reads the information/password you were trying to hide?
All this assuming you arnt in star trek
This comment does not represent the views or opinions of the user.
I use porn in a dimly-lit room to produce the seed. To each his own.
High geek-factor aside, this seems way to complex for the simple task of generating random numbers.
Why not have a simple electronic circuit (it's been years since I've done any circuit design) that's balanced so that thermal noise produce ticks. Stick a USB interface on it and there you have it. A device you could carry in your pocket.
You need an SGI with at least two CPUs to take advantage of the superior LavaRnd abilities! Also, dump Netscape for Mozilla!
Your home PC LavaRnd setup may be able to generate a large random number faster than the SGI-based one... but the SGI LavaRnd has the architecture to generate many concurrent random numbers. It also has the ability to easily handle high definition random numbers without chugging!
=)
Lava lamp? Nah.. Real geeks use this
2. Play with it to discover what will turn out to be a normal distribution curve of frequency response.
3. Connect an A/D/RS-232 converter to it.
4. Blow at it, recording the white noise.
5. Employ compensation for the resonance, shuffling and compression at will--all in software.
6. Call it good.
The hedonic value should be high enough to leverage OSS on sourceforge more quickly than pr0n (even). Neglecting software development costs and software "mass production costs" (smirk), the project should cost $30 in quantities of one.
Hey, should we skip step one? (shrug) If we do, then I'm sorry I said this was too cushy. I lied. ;-)
Why not use the bingo number tumbler for the seed?
---
Lousy rotten karmic retribution.
As far as I know, a run of numbers has never won the lottery, so this is your chance. The run is more likely to come up, since one hasn't already, in all this time.
oh, wait...
It seems to be that by our common definition of random, random numbers are in fact impossible. So I am wondering what the definition we are working with regarding random number is?
IMO, I think one stipulation of a true "random number" is that part of the seed has to be externally derived. I.e. in any closed system numbers cannot be truly random. This means doing things using as a seed, the previous random number hashed with the MD5SUM of the system time along with some external information which is unknowable by an attacker or other program. Mouse or keyboard activity, network traffic in some cases, maybe even an MD5SUM of the total range of I/O address ports...... Of course, that would have to be kernel level.
LedgerSMB: Open source Accounting/ERP
When I was in grad school (for mathematics), I took a course on probability. On the first day, the Prof gave an assigment for half the class to create a list of 100 random numbers using dice (actually one die). The other half of the class was to create the same list (numbers between 1 and 6), but without using any dice. The Prof then put all the pages in a pile, and was able to perfectly separate the pile based on which method was used to create the page with only a quick glance at each page.
We later learned that he was able to separate them by looking at runs of numbers. For a list of 100 uniformly distributed numbers (between 1 and 6), there is a very high probability (90% or greater) that there will be a consecutive run where the same number occurs 5 or 6 times in a row. But the people that manually created their list will almost never add such a run, because it doesn't seem "random" enough.
What is really "random" is a very hard question that has occupied many brilliant people over the last century.