DIY Random Number Generator

Compu486 writes "The guys over at Inventgeek have come up with a project and how artical on building a random number generator that is less than 100.00 utilizing radioactive decay. Using some Linux based open source apps and with a little ingenuity and some parts you probably have laying around your house you can build your own."

Not as geek but safer

[click2005]

This project seems to work well... http://www.lavarnd.org/

Here's the money graph

[patio11]

>>
  One of the applications I have envisioned for this project is a cheap and easy genuine random number generator. True random numbers in computing are nearly impossible, and successful solutions are very expensive systems based on radioactive decay or atmospheric measurements, for example. Using a small / relatively safe radioactive source and a high res CCD or CMOS sensor and assigning a value to each pixel and perhaps mixing in an algorithm or two with an inexpensive practical PCI card that is capable of generating genuine random numbers. Applications that could greatly benefit from this would be encryption, security applications, Computer AI and the Gambling establishment to name a few.
>>

Actually, no, none of these really benefit from "truly random numbers". The applicability of randomness to AI is... spurious at best? For gambling, you just have to be reasonably sure that someone can't predict in advance what your random sequence is going to be, and the Mersenne Twister plus any unknown piece of data as a seed is good enough at resisting everything our current understanding of mathematics can throw at it. (Yes, thats security through obscurity... in the same way that hiding your server behind locked doors, a firewall, and a secure password is security through obscurity. Its both necessary and sufficient.)

Encryption, similarly, would not benefit from transitioning from an "almost perfect" pseudo-random generator to a "perfect" random generator. For your security to fall based on random numbers, someone needs to be able to not just come up with a theoretical imperfection (ahah, 200 million runs of this random number generator and you'll notice it slightly skews away from these five integers!) but have to crack it wide open. Yay, yawn.

Now, radiation + poorly understood mathematics = geek high, I know. But in terms of practical application this gets a near zero.

Clarification regarding Twister

[patio11]

P.S. Clarification: if you're using the Mersenne Twister in a *real life* application that plus a seed value is good enough for a gambling application. For example, if you're generating nice big integers and then taking %6 to get the value of a die or using them to shuffle one or ten or a hundred decks of cards. If, on the other hand, you have some contrived game where you are passing the output directly to the player and continue in the same sequence for a rather improbably long time a player could figure out what sequence the Twister was on and then successfully predict all numbers in advance. But this is one of those earn-you-bonus-points-with-your-CS-professor-and-n ever-use-again pieces of trivia, because in the real world you have to basically design the system to fail for it to fail in this manner.

Re:Old-school

[Jerf]

Yes, but the programs that use this don't use just the key distribution. First, they also use the time the keystrokes occur, which is reasonably random.

Second, you can measure "how random" something is (for suitable definitions of "random") by measuring its "entropy", which is a measure of how many "random" bits is in a given input. The entropy of English text is 1.1 to 1.6 bits per character, which means to safely obtain a 128 bit key from a bit of English text you need almost as many characters as you want bits. "Smashing on the keyboard's" randomness will probably vary even more, from perhaps as low as ~.5 if you smash poorly to 2.5-3 if you smash "randomly", but you also get the entropy from the timing information, which if you use a very-high-resolution clock contributes several bits itself.

So, basically, this "statistical analysis" problem is extremely well known, and very well quantified, down to the fractional number of bits of randomness that you can extract from a bit of text. Since these fractional bits can just be added together (four "English text characters" at 1.5 bits apiece gives you 6 strongly-"random" bits), the solution turns out to be very simple: Smash on the keyboard longer, until you've got at least as much entropy as you have bits. Voila, a strongly-random key suitable for almost all purposes. (It probably is suitable for all purposes, but taking a key from radioactive decay has the advantage of letting you know the key is random, whereas with this technique you can only be "very, very, very sure".)

Handled properly, it's not a problem.

Many, if not most, modern systems will also maintain an "entropy pool" at the OS level, which uses interrupt timings and other such events to feed the pool, which can then be drawn on by programs in lieu of reading the keyboard directly. This works nicely, and among the inputs used is keyboard and mouse events.

The nice thing about the entropy pool is the input can really come from anywhere. It doesn't have to be totally random to contribute, it just can't be totally predictable.

Don't try this at home, folks!

[iansmith]

A few things of note about dealing with smoke detector sources.

First, removing the source from a smoke detector is illegal in the US. I'm not aware of anyone being put in jail for doing it, but with the state of affairs currently I would not go posting the fact that you did it all over the internet.

Second, those sources can be very dangerous if mishandled. The source is coated in a THIN layer of gold and/or silver.. only a few atoms thick. If you touch it with anything you will break the seal and contaminate the object. If you then happen to touch it, you have a good chance of ingesting or inhaling it. This is bad. Am-231 is what is called a bone-seeker. It will be used in new bone growth and eventually kill you by causing bone tumors and other cancers.

Now with a little care you can be pretty safe, but the article in question should have been a little more explict about the dangers involved here.

Re:Why not using a live webcam?

[amliebsch]

This has actually been done, using the fluctuations of lava lamps as a photon seed. http://www.lavarnd.org/