Slashdot Mirror


When Is It Random Enough?

TheCamper asks: "The generation of random numbers is very important in many areas, especially encryption. Pseudo-random numbers created by software are simply not good enough. Many key generation applications ask the user to move the mouse or bang on the keyboard to add to the randomness. You can also purchase a (very expensive) hardware random number generator to make truly random numbers. Wanting the randomness of a hardware random number generator without wanting to pay for or build my own, I was wondering if crinkling cellophane (or the like) into my computer's microphone would be considered random enough for serious encryption key generation." What entropy sources would you use for the generation of strong encryption keys?

2 of 153 comments

  1. Re:Why not /dev/random by rjh · Score: 4, Interesting

    /dev/random only has a finite number of bits. It harvests believed-random data from events on the PC. When you exhaust /dev/random, you're out of random data until you get more system events. This is potentially a Really Bad Idea if there are other apps on your machine which also need extremely high-quality believed-random numbers.

  2. Biased coins -- not good enough. by cryptor3 · Score: 4, Interesting

    One (semi) interesting talk I went to recently brought up the point that the scheme described isn't random if the coin is biased.

    And this is a reasonable possibility, because you don't know if the coin weighs exactly the same on both sides, or maybe you're really good at flipping heads.

    In order to get unbiased results, there's a simple protocol that will guarantee a non-biased random result. Suppose the probability of heads is p. Then the probability of tails is (1-p).

    Flip the coin twice.
    a. If it comes up heads the 1st time and tails the 2nd, call it a 1.
    b. If it comes up tails the 1st time and heads the 2nd, call it a 0.
    c. If it comes up heads both times or tails both times, re-run the trial until you get one of the first two.

    If the coin flips are assumed to be independent, then the probabilities of events a and b are p*(1-p) and (1-p)*p, which are equal.

    There are improvements on this scheme which output more random bits per trial (it reduces/removes the probability of the outcome c where your result is inconclusive).
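
The pair rule from the comment above (commonly known as the von Neumann extractor), as an added example that is not part of the original thread. It measures the output balance and the yield of about p*(1-p) output bits per flip, and shows the rule failing when the two flips of a pair do not share the same p. All function names, the seeded simulated coins, and the sample parameters are constructed for illustration.

```python
import random

def von_neumann(flips):
    """Debias a sequence of 0/1 flips (1 = heads) using the pair rule above.

    Flips are consumed in non-overlapping pairs: heads-tails -> 1,
    tails-heads -> 0, equal pairs are discarded (rule c).
    """
    out = []
    it = iter(flips)
    for first in it:
        second = next(it, None)
        if second is None:      # odd trailing flip: no complete pair
            break
        if first != second:
            out.append(first)   # (1,0) -> 1, (0,1) -> 0
    return out

def biased_flips(n, p, seed):
    """Constructed test source: n independent flips with P(heads) = p."""
    rng = random.Random(seed)   # simulation only, never a key-material source
    return [1 if rng.random() < p else 0 for _ in range(n)]

def drifting_flips(n, p_first, p_second, seed):
    """Constructed source whose bias differs between the two flips of a pair."""
    rng = random.Random(seed)
    return [1 if rng.random() < (p_first if i % 2 == 0 else p_second) else 0
            for i in range(n)]

def summarize(flips):
    """Return (fraction of 1s in the output, output bits per input flip)."""
    bits = von_neumann(flips)
    return sum(bits) / len(bits), len(bits) / len(flips)

if __name__ == "__main__":
    for p in (0.5, 0.8, 0.95):
        ones, rate = summarize(biased_flips(200_000, p, seed=1))
        print(f"p={p}: ones={ones:.3f} rate={rate:.3f} expected={p*(1-p):.3f}")
    # Independent flips, but p changes inside each pair: the bias survives.
    ones, rate = summarize(drifting_flips(200_000, 0.8, 0.5, seed=1))
    print(f"drifting p: ones={ones:.3f} rate={rate:.3f}")
```

Even a fair coin yields only about one output bit per four flips, and at p = 0.95 the yield drops below one bit per twenty flips, which is the cost the improved schemes mentioned in the comment try to reduce.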