New Method for Random Number Generation Developed

Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."

This is a random comment.

[MillionthMonkey]

uixon8wg2gvw

Re:This is a random comment.

[Pete+Venkman]

No non-alphanumerics? You call that random? My grandmother can do better than that!

Re:This is a random comment.

[courteaudotbiz]

Just half random: The title isn't.

Re:This is a random comment.

[MillionthMonkey]

Your grandmother can generate non-alphanumeric random characters?

Man, no wonder you're here.

Re:This is a random comment.

[courteaudotbiz]

Depends on the scope. If you want a random "comment", the scope of characters used is alphanumeric, with some punctuation.

If you want a random binary sequence, the ASCII result would less likely be readable.

If you want a random number, chances are you'll get only digits.

Re:This is a random comment.

[dkleinsc]

And the half that is random is not very random, given that it's relatively short, all lower-case letters and digits, and emphasizes keys that can be found towards the middle of a QWERTY keyboard.

Re:This is a random comment.

[koiransuklaa]

How can you tell?

Re:This is a random comment.

[MillionthMonkey]

The set of all random numbers does not exclude "non-random-looking" numbers. I just cherry-picked one for you.

Re:This is a random comment.

He's here because his grandmother can generate babies.

Re:This is a random comment.

[TheCarp]

Still? Damn, my mother can't even do that anymore. I don't even want to think about my 87 year old grandmother giving it a try.

Re:This is a random comment.

[Martin+Blank]

You bring this up as a humor point, but it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. For example, if a 4-digit pre-generated PIN is not allowed to use certain sequence types such as sequential, all the same, paired pairs, etc., it may take a fair slice out of the available keyspace (not sure that's the right word, but it's close enough), at least enough to narrow down the ambiguity in case some hints about the PIN are known by an attacker.

It's less of a problem with longer passwords, as the maximum entropy for a given entry expands while patterns take smaller bites out the available space, but it does reduce the possible entropy slightly.

It also reminds me of a Dilbert strip where he visits the accounting trolls, and they take him to their random number generator, which is another troll saying, "9... 9... 9... 9..." Dilbert asks if it's really random, and the first troll says, "That's the problem with randomness: you never really know."

Re:This is a random comment.

[SilverHatHacker]

Humans tend to define 'random' as being evenly distributed, to the point that if you ask a group of twenty people or so to space themselves randomly around a room, they will end up the same distance away from each other. It's probably more likely for the elements in a true random sequence to be similar to each other than for them to be evenly divided.

Re:This is a random comment.

[courteaudotbiz]

It's obviously not random, except if we fell on the 1 chance in a 1.51e10^36 that this comment is totally random, considering a choice of 28 characters over 25 characters long (considering "space" and "." in the charspace), and not considering the chances that the comment may have been randomly longer or shorter.

Re:This is a random comment.

[KevinKnSC]

It could be a random number base64 encoded.

Re:This is a random comment.

[Kozz]

Indeed. I listened to a podcast a while back in which Robert Krulwich (RadioLab?) discussed randomness with a researcher and how we think about randomness.

A scientist he interviewed stated that she assigned tasks to several different teams. For one team, she instructed them to flip a coin some fixed number of times (perhaps 100) and to then report the sequence of heads and tails (H H T H T T H T T T etc). For the second team, she instructed them to NOT flip a coin, but to simply write down a sequence that they think might be produced by the flipping of the coin. The teams each present their report, and she is not told which list was generated by which means.

However, she said it was easy to spot the "human" generated list, because it rarely contained a sequence of more than a few sequential entries of H H H H, for example. Whereas the truly random list might have even up to NINE sequential heads or tails. The average human just couldn't fathom such a "random" sequence [mathematicians excluded, naturally].

Re:This is a random comment.

[oji-sama]

How about this as random?

Sr5&8w796Z6W9mVVM7HAuv43Yg8D523QwTf25646@SEKKEP3#m2t3f@2ap95295437852^5262S*qMK#b&B#^aXbxNfRQudSCz9P

Sort of looks like there are groups of character-types, but I guess it could be random.

Re:This is a random comment.

[Martin+Blank]

It sounds like you're thinking about user-selected PINs, and I'm thinking of pre-generated PINs. Instead of 10,000 PINs, it may drop to 9000. But more importantly, consider someone observing the PIN entry but from an imperfect vantage point. Knowing what is valid and what is not may remove some possible options, making possible a more educated guess at the actual PIN.

Re:This is a random comment.

[TheRealMindChild]

The problem ultimately comes down to what one's definition of "random" is. Most people like to think of random like a deck of playing cards... you must go through each unique one before repeating a number a second time.

Personally I like what I call "dice random" where there IS the possibility that you can roll the same number an infinite amount of times in a row.

When discussions like this come up, this is the main point of argument because everyone has their own idea of what random really is. Let us focus on that, give them proper terms, then start these discussions over again.

Re:This is a random comment.

[maxwell+demon]

How about this as random?

Sr5&8w796Z6W9mVVM7HAuv43Yg8D523QwTf25646@SEKKEP3#m2t3f@2ap95295437852^5262S*qMK#b&B#^aXbxNfRQudSCz9P

Sort of looks like there are groups of character-types, but I guess it could be random.

Actually anything could be random, because by its very nature a random process can create anything, including "Sort of looks like there are groups of character-types, but I guess it could be random."
However, it's still much more likely that you intentionally wrote that sentence, that that it just happened to be generated by a random process.

Re:This is a random comment.

[bmckeever]

> it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. [...] it may take a fair slice out of the available keyspace

This is true, and could be a problem if everyone's PIN were randomly generated. Since most PINs are selected by users and conform to a known, decidedly non-uniform distribution, this actually makes sense. If it's known that e.g. 1234 is over-represented in the pool of PINs, that would be one of the first ones an attacker would try. Therefore, it makes sense to filter that out. But note that it's the over-representation of the PIN and the fact that attackers are aware of this skew that makes it worth avoiding, and not anything inherently insecure about "runs" or "pairs".

Re:This is a random comment.

[JamesP]

Actually, this is a very important issue

Nazi German forbid 'non random looking' "passwords" (I believe it's a 3/4 letter combination) so things like AAA, ICH etc were banned as a message password in Enigma machines.

Back in England, code breakers took this into account simplifying (significantly) password breaking.

Re:This is a random comment.

[azmodean+1]

Only if you assume that the users will not now use a new set of 100 PINs. Additionally if you disallow easily-remembered PINs or passwords, the users will be forced to use less secure means of remembering their passwords, thus making the system as a whole easier to subvert.

"forcing" users to change their passwords is a particularly pernicious version of this, where while the user may have been happy to remember two rotating passwords, once the number of passwords in the disallowed history becomes larger, they tend to do things like adding an incrementing tag like password1 password2 and so on, and you are also increasing the risk that they will just start writing down a password, or emailing it to themselves plaintext, or otherwise making the chance of a compromise much higher.

If you are serious about securing a system instead of just making things more complicated, you need to seriously consider user-friendliness of the system, for example allowing a relatively long passphrase is a much better way to increase keysize than forcing your user to conform to some seemingly-arbitrary requirements like, "Your password must be between 8 and 15 characters, with no underscores, dashes, or spaces, but it must include at least 2 numbers and 1 special character". Also incompletely specifying your password rules is extremely non-user-friendly, for instance leaving out the "no spaces" requirement in the instructions provided to the user, but enforcing the rule by rejecting the password if it does contain spaces.

[rant]Also whoever came up with the idea of the "chose 3 from this list of completely random questions about yourself that you may or may not remember the precise answer to in two days, much less two months that we will demand that you answer every time that you log on to the system from a new computer" needs to be shot in the face repeatedly. Generally I can only find one of those at most that I actually have a concrete answer to that I will be sure to enter correctly, and those are almost always the ones that should definitely not be on the list, like "what is your mother's maiden name" or, "what is your favorite password"[/rant]

Re:This is a random comment.

[oji-sama]

Actually anything could be random, because by its very nature a random process can create anything, including "Sort of looks like there are groups of character-types, but I guess it could be random." However, it's still much more likely that you intentionally wrote that sentence, that that it just happened to be generated by a random process.

Indeed. It could be random, but I thought that it looks a bit pseudo-random, considering the apparent character space and the length of substrings of single character type. (Which doesn't prove anything, I know. The probability of getting those sub-strings could be surprisingly high. [at least to me])

Then again, the "How about this as random?" sounds like this was actually generated.

Re:This is a random comment.

[Ambiguous+Coward]

Personally I like what I call "dice random" where there IS the possibility that you can roll the same number an infinite amount of times in a row.

Okay, I want all 1's, an infinite number of times in a row.

Probability of one 1: 1/6. Okay
Probability of n 1's: (1/6)^n. Okay
lim((1/6)^n) as n->infinity: 0. Wait, I thought you said there was a chance this could work!

P.S. Who supplies your dice that can survive an infinite number of rolls? You could make a killing selling those to casinos. Once, anyhow.

Re:This is a random comment.

[pwfffff]

n0-7h15_c0/|\m3/|/T:iZ

Re:This is a random comment.

[veg_all]

Radiolab, yes. Episode called Stochasticity.

Re:This is a random comment.

[Daniel+Dvorkin]

Those are both well-defined types of random sample: the deck of cards is "sampling without replacement," and the die is "sampling with replacement." The probabilistic rules for both are well understood.

Re:This is a random comment.

[Belial6]

Well, it could be worse. I recently logged on to a system that gave me a message that my password selection was invalid, but set my password to the invalid value anyway, and then required me to enter the invalid password into the system to change it. Of course, even though password setting would check the validity of the password AFTER it wrote the password. The login screen checked if the password entered was legal BEFORE checking to see if it matched what had been previously set.

Re:This is a random comment.

[Tetsujin]

> it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. [...] it may take a fair slice out of the available keyspace

This is true, and could be a problem if everyone's PIN were randomly generated. Since most PINs are selected by users and conform to a known, decidedly non-uniform distribution, this actually makes sense. If it's known that e.g. 1234 is over-represented in the pool of PINs

1-2-3-4? That's the combination to my luggage!

Re:This is a random comment.

[Mjec]

sure, limit as n approaches infinity is zero. But it does so from the positive side only, so for all n less than infinity, probability is greater than zero.

Infinity isn't a number like twelve or a googol or ackerman's function called with graham's number as the arguments. It's just that thing which is greater than everything in an infinite set. However, in terms of "an infinite number of dice rolls" the REAL intent of this statement is to talk about any arbitrarily large number of dice rolls. However since the number of dice rolls is always determinable and is necessarily countable, the number of rolls will always be less than inf.

If I wasn't typing on my phone right now I'd give you a formal proof but latex is tough at the best of times.

Re:This is a random comment.

[Beardo+the+Bearded]

My three-year-old was throwing pennies onto the table a few weeks ago. One of the coins landed and stayed on its edge.

Re:This is a random comment.

[Amouth]

It's probably more likely for the elements in a true random sequence to be similar to each other than for them to be evenly divided.

i would say for true random it is equally as likely that the elements would be similar to each other as they would be evenly divided. does this mean that we should mix the 2? but then either way we are influencing the outcome.

1234 - Even
1111 - similar
1144 - mix

if you have a limited space 4^4 (as an example) cutting out similar or evenly divided is going to have a measurable impact on the space.. True random will show the whole space..

I tend to fit with the question "how do you know what random is?"

its a hard question - i think it would be best if we can just come up with a close enough generator where the odds of someone predicting the next key is no larger than the odds of getting that key. (not sure if that phrasing works outside my head)

Re:This is a random comment.

[MartinSchou]

Keep in mind that it's possible for a 15-year-old to be a mother, 30-year-old to be a grandmother and a great grandmother at 45.

And since there are women who have given birth at 60, you could technically be a great great grandmother at 60 AND have a kid who is younger.

Tacky, perhaps, but from a biological perspective you've certainly been successful.

Re:This is a random comment.

[MillionthMonkey]

There are two sets of random numbers:

- The set of all integers
- The set of all reals

Any "random number" can be mapped to an element of one or both sets.

Re:This is a random comment.

[WillDraven]

The set of all random numbers does not exclude "non-random-looking" numbers.

This is true.

I just cherry-picked one for you.

This, however, is not random.

Re:This is a random comment.

[The+Archon+V2.0]

dgt2bwt23tf5

(Compares post and quote.) Damn, it IS a random comment!

Re:This is a random comment.

[Ambiguous+Coward]

Of course, the post I was responding to quite clearly said that one can roll an infinite number of times, so...why aren't you correcting *him*? :P

IF one could roll a die an infinite number of times, THEN the odds of any predefined infinite sequence appearing would be 0? Does that suffice? :P

Re:This is a random comment.

[MillionthMonkey]

wh0oo0oOoO0Os5SH

Re:This is a random comment.

[MillionthMonkey]

Yes but A, C, G, and T are alphanumeric characters.

Re:This is a random comment.

[tbischel]

uixon8wg2gvw

still not good enough to count as a valid password at my company =P

Re:This is a random comment.

[TerranFury]

The thermodynamics-ish idea is that there are more configurations where people are "evenly distributed," so that if you pick a configuration in a uniformly random way, you're more likely to get one of these.

E.g., say you've got a 10x10 grid, and five pennies, and you can put one or more pennies in each grid cell. Furthermore, let's say that we'll define an equivalence relation, so that the order in which pennies are stacked on a cell doesn't matter for configuration counting purposes. Then there are only 100 ways in which all the pennies can be in the same cell, out of 100^5 total configurations.

Still, I am deeply uneasy about the philosophical connections between the mathematical objects we call random variables (which are really completely deterministic) and reality... But nevermind that...

Re:This is a random comment.

[maxwell+demon]

Are you sure one cannot define the concept of a random cardinal number?

Re:This is a random comment.

[cxx]

The comment used to have non-alphanumerics, but slashdot doesn't support unicode.

Re:This is a random comment.

[maxwell+demon]

The claim was that it is impossible to get, because the probability is 0. However, if you could roll an infinite number of times, you'd get a distinct infinite series of numbers. Since every distinct infinite series of numbers gives 0 as limit probability, the conclusion would be that you just rolled an impossible sequence. Welcome in the restaurant at the end of the universe.

Re:This is a random comment.

[Warped-Reality]

This is called "almost surely" or "almost never" in probability theory.

http://en.wikipedia.org/wiki/Almost_surely

While the probability of getting an infinite number on 1's is 0, it's still in the sample space, therefore can still happen (in fact, with an infinte number of coin tosses, any particular sequence has a probability of zero of occurring)

Re:This is a random comment.

[maxwell+demon]

If there is a countably infinite number of dices, the probability is the same as with one die. And allowing any number instead of just 1 multiplies the limit probability by 6 (I'm assuming the condition that all dice show the same number remains). Calculating 6*0 is left as exercise for the reader.

If there's an uncountably infinite number of dice, I'm not sure if the question is well defined.

Re:This is a random comment.

[retchdog]

I do this as a teaching exercise in my intro stats class: give the instructions; split into two teams; leave; and come back in when a student knocks on the door. You can spot the difference almost immediately, with a sequence of about 50 "tosses".

It also shows them that absence of evidence is not evidence of absence. Usually, both of the teams gets approximately 50/50 distribution of H/T (within the margin of statistical significance), so this test is shown inadequate. However, once you write down the run-lengths (i.e., HHTHHHHHTTT -> 2,1,5,3) for each sequence, it's totally obvious to everyone (and can also be formalized by comparing it to a sequence of independent negative-binomial draws).

Note, it's important to split the people into teams. This way, even if one clever/knowledgable person tries to introduce long runs, the rest of the team will shout him/her down. :)

Re:This is a random comment.

[maxwell+demon]

This, however, is not random.

How do you know? He might have picked a random cherry.

Re:This is a random comment.

[Forty+Two+Tenfold]

Keep in mind that it's possible for a 15-year-old to be a mother

It's possible for a 5 year old to be a mother.

Re:This is a random comment.

[Ambiguous+Coward]

Wait, so is our group conclusion here that the impossible is, in fact, impossible? Because I'm okay with that :P

Re:This is a random comment.

[Anci3nt+of+Days]

II - FAIL... no that is just two 1s - proceed.

No random number generator can survive creative interpretation.

Re:This is a random comment.

[Kymermosst]

VGhpcyBpcyBub3QgYSByYW5kb20gcmVwbHkK

Re:This is a random comment.

[MillionthMonkey]

OK, rephrased:

-The set of all integers and all elements of all finite subsets of integers
-The set of all reals and all elements of all finite subsets of reals

Re:This is a random comment.

[lennier]

How hard is it to pick and remember a four digit number of your choice?

Plenty hard enough, if you have to remember say a dozen of those (one for your cellphone, one for your voicemail, one for your banking card, one for your credit card, one for your banking website, one for your Cardax door entry system, one for the alarm system, one for your video store card, one for your DVD player parental lockout, one for your laptop BIOS security lockout... complete the list), and THEN maybe change some of those on a monthly basis.

(Yes, you want them all different, because do you want your cellphone company knowing your company Cardax code?)

That's, what, 32 or more random digits? If they are all PINs rather than passwords? And then if you had say just one of those being changed monthly, that's 48 more digits in a year. With no easy way of memorising them. How big is YOUR trivia brain?

Add in the fact that some of these are essential hardware-based systems storing important life information with perhaps no way of overriding them if you forget the PIN, and that they may also have 'three wrong guesses and you're locked out' security...

This is the recipe for terror and paranoia right there.

It worries me how many IT people think that THEIR system is the only one users have to deal with. Of course it isn't! It's one of dozens to hundreds. So multiply all your 'the users only have to remember this...' silliness by that factor to realise the cognitive load you're creating.

Re:This is a random comment.

[Surt]

Pregnancies at 12 are not terribly uncommon. So you can jump from 4 generations at 60 years to 5.

Re:This is a random comment.

[nabsltd]

2 to the 9'th is 256, so most random sequences would not have had 9 sequential results in a row.

In a world where 2^9 = 256, absolutely anything can happen.

Re:This is a random comment.

[mattack2]

She's a witch!

Re:This is a random comment.

[MR.Mic]

That's the problem with randomness: you can never be sure

Re:This is a random comment.

[arb+phd+slp]

I have the Dilbert comic with this punchline taped up next to all my statistics books:
http://www.testblog.net/gallery2/d/2362-1/dilbert2001182781025.png

Re:This is a random comment.

[stinkytoe]

I remember something called the "M&M" principle from a book i read as a kid. I don't remember the book, though, so any reply as to the source would be appreciated.

The basic principle is this: if you take a jar of red, green and blue indestructible M&M's and shake it for a million years, at any point in those million years there will be huge clumps of red, green and blue M&M's, interspersed with regions of near perfect dispersion. Never (or at least extremely rarely) will the entire jar be entirely evenly dispersed, or as evenly grouped as it was when you started. The explanation for this was that, of all possible arrangements that those M&M's can be in, almost all will show clumps and evenly mixed regions, only a few will be nearly all evenly dispersed or all grouped.

Re:This is a random comment.

[Chris+Burke]

Nazi German forbid 'non random looking' "passwords" (I believe it's a 3/4 letter combination) so things like AAA, ICH etc were banned as a message password in Enigma machines.

Back in England, code breakers took this into account simplifying (significantly) password breaking.

So instead of the usual spy stealing the actual codes themselves, they could instead bring evidence of this policy to Bletchley Park for the code breakers to use. Just a nerdy "Cryptonomicon" take on old WWII spy movies...

Re:This is a random comment.

[Eivind]

True. The same thing happens if you ask a human to draw dots randomly on a piece of paper. They tend to AVOID clustering the dots, i.e. the dots are far too uniformly distributed, there should be some clusters of dots, and some larger areas with zero dots in them, but there tends to be neither.

Re:This is a random comment.

[PIBM]

It would not be zero, as the sum of the probability of every sequence still needs to be 1. It would still be noted 0+ ...

Re:This is a random comment.

[grimdawg]

Your first dot point there is redundant, but whatevz.

More pressing is your assertion that all numbers are real numbers.

Re:This is a random comment.

[grimdawg]

The problem here is the common misconception that 'probability zero' is the same as 'impossible.

It's not! Choose a random real number (again, suppose that you could). Now as yourself, what were the chances of getting that number? They were:

1 in (the number of real numbers, aka infinity, aka 2^aleph_0)

aka, 0. No matter what you do, you'll get something that had probability zero. In most real-world situations, a probability of zero equates to the impossible....but you're the one who brought infinity into this. You can't have your cake and eat it too (unless your cake is infinite).

Re:This is a random comment.

[maxwell+demon]

The cardinal numbers are not a subset of the real numbers, and definitely not a finite one. Indeed, there are more cardinal numbers than reals.

Re:This is a random comment.

[maxwell+demon]

The point is, if you assume that you can roll dice infinitely often, then a limit probability of 0 cannot mean that the sequence is impossible, because whatever sequence you get, you'll have probability 0 for that sequence. That is, the probability of getting a sequence with probability 0 is 1.

Of course, if you take that fact just as proof that it is impossible to roll dice infinitely often, then we don't get any more problems with interpreting probability 0 as impossible.

Well, until someone invents the infinite improbability generator, that is. :-)

Re:This is a random comment.

[u38cg]

One interesting exercise is to use something like R to plot successive psuedorandom numbers from [0,1] against each other. Very quickly, you start to see all sorts of patterns appearing, and you think, "aha! This data is not truly random!" The repeat the exercise with data from random.org, and exactly the same thing happens.

Re:This is a random comment.

[geminidomino]

There are two sets of random numbers:

- The set of all integers

- The set of all reals

Any "random number" can be mapped to an element of one or both sets.

- Any totally ordered set.

Re:This is a random comment.

[DaVince21]

That's exactly 100 characters long.

Re:This is a random comment.

[L4t3r4lu5]

Yes, but only half of it will be observed.

Re:This is a random comment.

[TheCarp]

Someone had pointed out to me a while back that human sexual maturity seems to be regulated by body fat. Feed a female enough fat in her diet, and reaching puberty by age 10 is not uncommon at all. 5 is probably an outlier in any case, I doubt that more than a small fraction of human females can reach puberty by 5.

Then again, I know one who didn't reach it until 19.

-Steve

Re:This is a random comment.

[Ambiguous+Coward]

I most certainly am not the one who brought infinity into this. Read the GP again:

...there IS the possibility that you can roll the same number an infinite amount of times in a row.

(bolded emphasis mine)

All I did was take a crazy claim and rebuff it with an equally crazy claim. How come everybody wants to rag on me and not him? :P

Re:This is a random comment.

[Forty+Two+Tenfold]

http://en.wikipedia.org/wiki/Precocious_puberty

Re:This is a random comment.

[MillionthMonkey]

Complex numbers are numbers too, but any complex number can be mapped to a real number.

i.e. 1.11111... + i * 2.22222... can be mapped to 12.1212121212...

So if you want a random complex number within a certain domain there is a corresponding domain of real numbers from which a random value can be pulled and converted into a complex number.

The sampling may not necessarily be uniform and fair using that simple mapping strategy with the digits, but the fundamental idea remains. There are just as many real numbers as complex numbers.

Re:This is a random comment.

[MillionthMonkey]

Any totally ordered set can be mapped to a distinct unordered set. Just add indices with corresponding buckets to the set, whether the indices are integers or reals.

Re:This is a random comment.

[geminidomino]

You're right. I'd done that reasoning in my head, and then did it again in reverse, got caught on my own shoelaces, and lost track of my brain.

Mea culpa. ;)

Re:This is a random comment.

[TheRaven64]

You can never be sure.

Re:This is a random comment.

[TheRaven64]

Nazi German forbid 'non random looking' "passwords" (I believe it's a 3/4 letter combination) so things like AAA, ICH etc were banned as a message password in Enigma machines.

It wasn't just non-random-looking plugboard layouts, they also didn't want to use any that gave away the details of the keyboard layout (or any other details of the machine's implementation), which excluded adjacent letters on the keyboard from appearing next to each other. This would have been a lot more sensible if the Poles hadn't already stolen an Enigma machine and the allies didn't already know the keyboard layout...

The enigma machine had a set of rotors in different positions. To make sure that it was random, the German high command did not allow any of the rotors to be in the same position on two consecutive days. This dramatically reduced the search space because, if you knew yesterday's rotor positions, you could immediately eliminate a large number of potential positions for today.

The bigger weakness, however, was the use of repeated plaintexts, which made it trivial to tell when a correct decryption had been found.

The really surprising thing about Enigma is how close it came to being secure. The most complex computers that the British could build were only just able to break the encryption, and even then only because the machine was used incorrectly. With slightly better cryptologists writing the policies for use for the Germans, Enigma would probably not have been cracked.

Re:This is a random comment.

[MillionthMonkey]

Because you're including aleph-null and the rest of the alephs?

I wonder who would ask you, please give me a random finite or transfinite value.

Even asking for a random finite integer is stupid if the integer merely has to be within aleph null. You'll get a number with log(infinity) digits.

Re:This is a random comment.

[maxwell+demon]

Because you're including aleph-null and the rest of the alephs?

That's the definition of the cardinal numbers, yes.

I wonder who would ask you, please give me a random finite or transfinite value.

That's not the question. The question is whether it is possible to define probabilty distributions on them.

Even asking for a random finite integer is stupid if the integer merely has to be within aleph null. You'll get a number with log(infinity) digits.

Not necessarily. For example, a perfectly fine probability distribution on the positive integers is p(n) = 2^-n. The probability to get a number greater than 10 is less than 0.1%.

Also the most common probabilty distribution on the real numbers, the normal distribution or Gauss distribution, covers the full range of real numbers from minus infinity to plus infinity.

So a priori I see no reason why it shouldn't be possible to define probabilty distributions on larger sets or even true classes, such as e.g. the cardinal numbers, beyond the trivial extension that your probabilty distribution is zero everywhere except for a subset isomorphic to the integers or reals. I don't actually know if it is, but unless you can give a good reason why it cannot, you have to expect that it can.

(Well, with the set of cardinals, one may get additional problems with the restrictions for true classes; but in that case you can just take instead the example of a regular set larger than the set of real numbers; say, the set of infinite sequences of real numbers, or the set of real functions.)

Re:This is a random comment.

[MurphyZero]

I've done it before, but I tossed several pennies at the same time. One stayed on its edge between two other pennies. Just shows that flipping a coin is not a two-valued problem. Not even three valued either as you can always lose the coin and it remains indeterminate. If you have anti-grav, you can even get flipping back and forth, never hitting the ground.

Random today, but still random tomorrow?

[JSBiff]

I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?

Still, I suppose until such a time (if it ever arrives), this is probably a lot better than currently existing approaches.

Re:Random today, but still random tomorrow?

[MillionthMonkey]

If they're tapping into the randomness of something's wave function, then nobody will ever be able to predict the outcome.

Re:Random today, but still random tomorrow?

[spleen_blender]

Is that not true of "randomness" we see in natural systems as well? Know enough about its elements and you can predict its behavior?

Determinism, we don't need no stinkin' determinism.

Re:Random today, but still random tomorrow?

[Florian+Weimer]

I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?

A secure implementation of this would use some deterministic post-processing element (these days based on the AES-128 or SHA-256 primitives), so that even when the source of non-determinacy fails, you still get unpredictable output, as long as the cryptographic primitive has not been breached.

On the other hand, we still haven't got a good random number generator in our libc, and we can't just use RAND_bytes everywhere for licensing reasons. So our problems are far more mundane.

Re:Random today, but still random tomorrow?

If they're tapping into the randomness of something's wave function, then nobody will ever be able to predict the outcome.

The only support for that is that nobody knows how to predict it yet. If someone does find a way then we'll just have to modify our understanding of the universe accordingly. To announce that it just won't ever be able to be done is to mistake our current scientific knowledge for revealed religious Truth.

Re:Random today, but still random tomorrow?

[hairyfeet]

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC. You could use size limits to narrow the search..say between 500Mb and 2Gb. Then make a hash based on those five folders, something like file sizes or time stamps or a combination of the two, wouldn't that be pretty damned random?

Now maybe I'm understanding it wrong, certainly not a crypto expert by any stretch, but surely nobody has the exact combination of downloads+pictures+music+temp+docs that I do, and that data should be able to be mixed in plenty of ways to generate random numbers, yes? And by choosing random folders based on size instead of just choosing defaults you shouldn't run into the "everyone has the same" problem like the default contents of my music or my pictures, so am I missing something?

Re:Random today, but still random tomorrow?

[BarryJacobsen]

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC. You could use size limits to narrow the search..say between 500Mb and 2Gb. Then make a hash based on those five folders, something like file sizes or time stamps or a combination of the two, wouldn't that be pretty damned random?

Now maybe I'm understanding it wrong, certainly not a crypto expert by any stretch, but surely nobody has the exact combination of downloads+pictures+music+temp+docs that I do, and that data should be able to be mixed in plenty of ways to generate random numbers, yes? And by choosing random folders based on size instead of just choosing defaults you shouldn't run into the "everyone has the same" problem like the default contents of my music or my pictures, so am I missing something?

What you're describing sounds more like something that could be the "seed" for the random number generator - which would then still use an algorithm to generate the "random" numbers (since they're using an algorithm, they'd still just be pseudo-random).

Re:Random today, but still random tomorrow?

[kestasjk]

The real problem is that the randomness might be biased one way or another. If a flip-flop doesn't have a 50:50 chance of settling on one or the other (something that seems more likely than not) then it'd be a much, much worse source for entropy than what we use now.

I really don't think we need any dangerous new entropy source, we have collect plenty of entropy already, and when dealing with something as important as getting random numbers from an RNG if it ain't broke don't fix it

Re:Random today, but still random tomorrow?

[flymolo]

Part of the source for this randomness is the propagation of electricity in the circuit which can be different due to manufacturing impurities. You could potentially predict it, if you had the individual chip. That's better than what we have now, by a mile.

Re:Random today, but still random tomorrow?

[b4k3d+b34nz]

Unless your folder structure constantly changes, the seed value you use would be the same, which means it's then (relatively) predictable. Will anyone actually crack it? Not likely, but basically you want a non-deterministic function, and if you have a file server with no new files or changes on it, you would have a deterministic seed.

Re:Random today, but still random tomorrow?

[zegota]

"Say...choose 5 folders at random on a PC" And how exactly do you propose we choose those folders randomly?

Re:Random today, but still random tomorrow?

[ArsonSmith]

"...to generate random numbers? Say...choose 5 folders at random on a PC."

infinite loop. I think your algorithm is going to fill up the memory rather quickly.

Re:Random today, but still random tomorrow?

[CharlyFoxtrot]

It's random folders all the way down.

Re:Random today, but still random tomorrow?

[Elektroschock]

For licensing reasons = because of soft patent madness?

Re:Random today, but still random tomorrow?

[Dancindan84]

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC.

To understand recursion one must first understand recursion.

Re:Random today, but still random tomorrow?

[Bakkster]

More importantly, the process variation of the transistors for each bit could lead each flip-flop to have its own, non-equal probability distribution. Thus, as certain bits would be more likely to be a 1 or 0, it's not truly random either. It would be like a 'fingerprint' for a specific piece of hardware. Run a few million random number requests and look at the distribution of the bits. Match them up, and the machines are likely to be the same (within the confidence interval after you run your statistics).

Re:Random today, but still random tomorrow?

[ircmaxell]

What bothers me, is the quote:

At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods

If it's "purely" random (as they put it), then how can you measure the difference between it and a "conventional" method? Wouldn't comparing a pseudo random source to "true" randomness be like comparing a finite number to infinity? In that you "know" it's more random, but it's impossible to quantify with a finite value (the twenty times qualifier)?

Re:Random today, but still random tomorrow?

[AP31R0N]

Randomness is all about perception, i think.

The roll of a die is random (enough) for gaming because most people can't control their hand and the environment with enough precision to control/predict the outcome. In reality, the outcome is completely causal. The starting orientation of the die, the bounciness of the die, the sharpness of the edges, the velocity imparted by the hand, the hardness and friction of the rolling surface determine what the roll will be. With enough control over those inputs the roll would cease to *appear* random.

Record a die roll on a high-speed camera. As the decelerates the outcome of the die will be easier and easier to predict. The 1 and the 2 will be on the top at the last 1/10th of a second, in the last 1/100th of a second it will become crystal clear that it's going to roll a 1.

The apparent randomness of weather is decreasing over time, not be because weather has changed it's behaviour, but because we have more and more information about it. We learned that this mountain diverts the wet air from the south and now we have a doppler radar with twice the resolution of the last generation.

Ages ago i came up with a probability funnel/cone drawing that shows this. Draw a square, draw a funnel/cone shape that is closed at one end and all the way open at the other. Held with the opening to the right you see the range of possibilities growing over time. This is like trying to predict the weather further and further out. Rotate the paper 180 degrees and it shows your attempts to predict todays weather over the course of last week. By Monday you have a much better idea than you did last Tuesday.
Another way to think of it is: a car driving full speed on the salt flats. We know it's speed is fixed at 100 MPH. We are trying to predict where it will be in 1 minute. The car can only turn so much without tumbling to the driver's death. Therefore we can draw a cone of possibilities of X degrees per second in each direction. The car can go left and right at the drivers whim, but there is a bounded area showing where he can go in the time allowed. When crosses the line where he can start turning the possible end locations are many. But with each passing second it will become clearer where he'll be at the end. Where he ends up is random insofar as we don't know what he's going to do (straight, zig zag, hard left). He might have a plan, or he might wing it. In any case, the final location is *caused* by his turning the wheel.

Randomness of macro (not quantum) objects behavior isn't magical. It's just a reflection of our ignorance and lack of control over circumstances. Your bumping into an ex at the coffee shop is not random (or destiny). Each of you chose to go there at the same time. An outsider watching both of you would see it unfold as a series of choices. Hamlet shows a chaotic situation caused by independent agents making choices. Polonius decides to hide. Hamlet decides to stab the figure behind the curtain (but wasn't trying to stab Polonius).

So, in a way, randomness is dramatic irony. Sometimes you are the actor, bumbling about your plan colliding into other plans. Sometimes you're the audient seeing it all unfold. Without perception (an audience) there's no randomness... just events unfolding.

Re:Random today, but still random tomorrow?

[nobodyknowsimageek]

There is already a much better approach than this in use for crypto; it's called "entropy gathering". It basically amounts to sampling things like network traffic, mouse movements, &etc and using the "noisy" bits of that data plus some math to induce randomness that is unpredictable and unrepeatable.

The problem with your approach, and anything that depends purely on an algorithmic processing of data that others can access, is that it is repeatable, given the data and the algorithm. With entropy gathering the data seeding the algorithm would be extremely difficult to re-capture after the fact.

Re:Random today, but still random tomorrow?

[Florian+Weimer]

For licensing reasons = because of soft patent madness?

No, the OpenSSL license is incompatible with the GPL, so you have to think twice before using code from libcrypto, however convenient it might be.

Re:Random today, but still random tomorrow?

[afabbro]

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC. You could use size limits to narrow the search..say between 500Mb and 2Gb. Then make a hash based on those five folders, something like file sizes or time stamps or a combination of the two, wouldn't that be pretty damned random?

Not really. Take 10 PCs and "WINDOWS", "Program "Files", "Office", "Adobe", etc. are probably some of the top 5 folders by space, If you limit it to exactly .5 to 2.0 GB, then there's an even smaller number of common folders that fall in that range - and that likely excludes your pictures, your videos, etc. Probably one or two of them didn't exist five years ago, so already I know the probable year or a small range of years. Time stamps - perhaps updated last when a new Microsoft patch was pushed out? I can look at Windows Update and narrow it further. Your completely random has gone to "a list where I know probably one of the names and some of the years, if not datestamps".

True randomness is a lot harder than it looks.

Re:Random today, but still random tomorrow?

[OwenMarshall]

Some RNGs are seeded with "folder data" in this way. Mozilla's NSS, for example, looks at temp directories and mixes that data in as a seed. Using this as the *output* of a PRNG? Nope, not a good idea -- we've got a handful of CSPRNGs that have strong security proofs associated with them. For example, Blum Blum Shub is secure so long as integer factorization is hard. This is the same assumption we make for RSA, for example. Your RNG lacks any such guarantee. Plus, your idea falls down when you say "choose 5 folders at random". How do you do that?

Re:Random today, but still random tomorrow?

[tehniobium]

I agree.

This article seems like pseudo-science to me, and I somehow doubt (or should I say don't believe) they got true randomness from conventional hardware.

Re:Random today, but still random tomorrow?

[Just+Some+Guy]

I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?

Who cares if it does, as long as it's not the only entropy source used. At worst, if it emitted "1" every single time, it simply wouldn't add to the entropy of the system. There's nothing it could do to lessen the randomness collected from other sources.

Re:Random today, but still random tomorrow?

[Facegarden]

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC. You could use size limits to narrow the search..say between 500Mb and 2Gb. Then make a hash based on those five folders, something like file sizes or time stamps or a combination of the two, wouldn't that be pretty damned random?

Now maybe I'm understanding it wrong, certainly not a crypto expert by any stretch, but surely nobody has the exact combination of downloads+pictures+music+temp+docs that I do, and that data should be able to be mixed in plenty of ways to generate random numbers, yes? And by choosing random folders based on size instead of just choosing defaults you shouldn't run into the "everyone has the same" problem like the default contents of my music or my pictures, so am I missing something?

But if someone had access to your folders, they could do the same calculation, and then the number wouldn't be "random" at all.

I'm not sure how or why they need random numbers for crypto stuff, but I have at least gathered that the whole idea is making it so that *no one* can predict what it would be, under any circumstance. Hence, random. If your computer can calculate some number based on X files and folders, you can get the same number multiple times. In fact, if a hacker intercepted that number once, they could use it again reliably, since that's what your computer might do if the files don't change. That's not random at all.

-Taylor

Re:Random today, but still random tomorrow?

[by+(1706743)]

If they're tapping into the randomness of something's wave function, then nobody will ever be able to predict the outcome.

Sure, but what if the state beforehand isn't exactly 1/sqrt(2) (|0> +/- |1>) ? Granted, we probably still won't be able to predict the outcome, but if it's weakly coupled to some other, seemingly random part of the machine (which we may have access to), then we may be able to make guesses. I'm not at all saying that's likely, of course.

Re:Random today, but still random tomorrow?

[B4light]

Use it anyways, don't tell anyone!

Re:Random today, but still random tomorrow?

[Andy+Dodd]

Yup, the need for true random numbers in crypto is when choosing a key - if the key generation isn't truly random, it's possible to predict.

If I recall correctly, this is what happened with the OpenSSL fiasco - someone broke one of the entropy sources in the key generation mechanism.

There are plenty of processes in nature that lead to true randomness - Zener diodes in reverse bias are notoriously noisy, this is usually a problem, but people have used that flaw to create hardware RNGs. Intel had a true hardware RNG based on measuring the drift between two ring oscillators, one of which was perturbed by a noise source, in some of their older chipsets. In fact that approach sounds a LOT like this "new" "flip-flop" based approach.

Some consumer crypto approaches (IIRC TrueCrypt uses this approach) rely on some degree of randomness in human keystroke intervals that can be de-biased and then used as a seed for a pseudorandom number generator.

Re:Random today, but still random tomorrow?

[hairyfeet]

Give each folder a numerical value, and then draw 5 based on a combination of date, time, last access stamps, last opened, you could mix and match a lot of different variables to get those 5 random. Then for the hash you could have...say a counter that added number of mouse clicks in a time period +number of packets in a different period times x to the power of y, with x and y chosen by using say the date minus the last 3 access stamps.

Now considering in my Windows folder alone we are talking about 10,000+ folders, the odds that you would be able to guess which 5 plus the access time, time stamps, last accessed, or any combination thereof PLUS the hash based on mouse clicks AN/OR network traffic would have to be so small as to be mathematically impossible. Again unless I'm missing something? With the incredible power we have even on lower end machines that probably wouldn't take more than a couple of minutes to calculate, do so once a week and the odds of anybody guessing correctly would be smaller then I would even know how to begin to calculate. Again, not a crypto expert, just somebody that is curious.

Re:Random today, but still random tomorrow?

[Korin43]

Well encryption keys are usually just really big random numbers (multiplied by something?). So if someone had access to your random seed at the time, they already know your key (and don't need the password to unlock it).

Re:Random today, but still random tomorrow?

[collinstocks]

That's why you always debias random data. You take two bits at a time. If they are both the same, you throw them both out. If it is 1 0, you return 1. If it is 0 1, you return 0. Or vice versa.

Re:Random today, but still random tomorrow?

[ircmaxell]

Well, based on my understanding of it (I am by no means an expert), you can get true randomness from conventional hardware. Each transistor that's produced in a chip will be ever so slightly different from every other one (different number of atoms, different alignment of crystals, etc). So there is a source of entropy there that's quite large. The problem with this is two fold. The first problem is getting the entropy out of the manufactured chip (which is what these people are claiming to do). The other problem, is the type of entropy. The randomness is introduced at fabrication. So (again, if I understand correctly) each chip would essentially be a pre-seeded random number generator. Sure, you couldn't define a general "pattern" across all chips, but you very well may be able to for a single chip.

That got me thinking. If indeed you could pattern a chip, could that be a "foolproof" and "tamperproof" method of fingerprinting a device? So a USB thumb drive (or anything with a chip) could become a secure authentication device (since you'd be able to fingerprint a chip on the device, generating random numbers with that fingerprint would "prove" you have that exact chip, not just one with an identical state)?

Re:Random today, but still random tomorrow?

[maxwell+demon]

Unless the password is used for generating the key (together with the random number, of course).

Re:Random today, but still random tomorrow?

[Prosthetic_Lips]

WHAT?? Hamlet stabs Polonius? Where's the *^@%^*&@# SPOILER tags in these posts?

That's what I hate about the Internet, people spoiling things for others just to prove a point.

Yeesh.

Re:Random today, but still random tomorrow?

[maxwell+demon]

Of course that assumes independence of the bits. If there's a memory effect, the "debiased" data may still be biased.

Re:Random today, but still random tomorrow?

[Garble+Snarky]

Why do they have to be random? Why not just go through them alphabetically or chronologically? Wouldn't you need access to a system to be able to predict anything from a RNG based on this?

Re:Random today, but still random tomorrow?

[MillionthMonkey]

The only support for that is that nobody knows how to predict it yet. If someone does find a way then we'll just have to modify our understanding of the universe accordingly.

We do have theories about quantum mechanics that refer to hidden variables. The universe would be deterministic and only appear otherwise because the variables must fundamentally remain hidden to observers. Except for hackers in Kazahkstan maybe.

To announce that it just won't ever be able to be done is to mistake our current scientific knowledge for revealed religious Truth.

It's theory. Not a "religious Truth". But not exactly "just a theory" either... so far it remains consistent with experimental observation.

Re:Random today, but still random tomorrow?

[Samah]

infinite loop. I think your algorithm is going to fill up the memory rather quickly.

Actually I think it'd be more like a stack overflow. :)

Re:Random today, but still random tomorrow?

[TerranFury]

Ages ago i came up with a probability funnel/cone drawing that shows this. Draw a square, draw a funnel/cone shape that is closed at one end and all the way open at the other. Held with the opening to the right you see the range of possibilities growing over time. This is like trying to predict the weather further and further out.

Sounds like the Lyapunov exponent in chaos/dynamical-systems theory (which measures how sensitivity to initial conditions grows in time).

Re:Random today, but still random tomorrow?

[Elektroschock]

But it is just a Apache licensed library, no? Why do you have to copypaste it?

Re:Random today, but still random tomorrow?

[mindstrm]

Sure. But it's still not the same level of security, or randomness, as a true random number generator... that's what the math/crypto guys are all about.

A cheap, on-silicon way, using current fabrication methods of building reliable random number generators into microprocessors is a good sell.... so figuring out how to use components that we already know how to mass produce and turn them into cryptographically useful RNGs is significant.

Re:Random today, but still random tomorrow?

[mindstrm]

Could be because the device that needs to generate the random number isn't a PC.

Re:Random today, but still random tomorrow?

[Florian+Weimer]

But it is just a Apache licensed library, no? Why do you have to copypaste it?

The OpenSSL license is closer to other old, 4-clause BSD license with the advertising clause. The FSF claims that the GPL (all versions, including version 3) is incompatible with the advertising clause, and most copyright holders who use the GPL for their code presumably follow this interpretation.

Re:Random today, but still random tomorrow?

[gadzook33]

A well-known scientist (some say it was Bertrand Russell) once gave a public lecture on astronomy. He described how the earth orbits around the sun and how the sun, in turn, orbits around the center of a vast collection of stars called our galaxy. At the end of the lecture, a little old lady at the back of the room got up and said: "What you have told us is rubbish. The world is really a flat plate supported on the back of a giant tortoise." The scientist gave a superior smile before replying, "What is the tortoise standing on?" "You're very clever, young man, very clever", said the old lady. "But it's turtles all the way down!"

Re:Random today, but still random tomorrow?

[sFurbo]

Metastable indicates that the outcome is random. Think of it as a ball placed on top of a hill, with a valley on each side. If the ball is truly on the top of the hill, which side it will roll down is random. Now, the differences you mention would mean that every hill had its own topography, which would of course affect the probability of the ball going in each direction, so it might not be even odds for 0 and 1 for every bit, but it would still be random event, and biases can be corrected for (at the cost of fewer bits of randomness).

Re:Random today, but still random tomorrow?

[jonadab]

> The apparent randomness of weather is decreasing over time

Maybe where *you* live it is.

Around here, the two-day weather forecasts are significantly less accurate than the predictions in the farmer's almanac, and often less precise as well. For the entire month of June they say something like "partly sunny, chance of rain". Well, duh.

Heck, the predictions for what weather we were going to have yesterday are a perfect example. Late last week they said we were going to get 6-8 inches of snow on Monday. Then on Saturday they changed their mind and said it was going to be rain Monday. Then at some point on Sunday they said it would be freezing drizzle. Yesterday morning they said no, that was wrong, it would be snow after all, 6-8 inches of snow. You want to guess what we actually got? I'll give you a hint: it was 40 degrees all day.

The weather reports are worthless. The dudes that give them to us are basically just flimflam men. If we got our weather predictions by rolling dice, they'd be just as reliable. I say we stop paying for this nonsense and tell the meteorologists to get a real job.

Re:Random today, but still random tomorrow?

[jonadab]

Oh, one more thing I forgot to mention: there was no significant precipitation yesterday. It was pretty foggy, but there wasn't really any water actually coming down (apart from the melting stuff dripping off the roofs and trees, of course).

The one consistent feature of all the weather predictions for yesterday was that there was going to be stuff falling from the sky all day. They kept changing their mind about how liquid or solid it was going to be, but they were sure we were going to be getting quite a bit of it.

Yeah, tell us another story, Mr. Weatherman.

Re:Random today, but still random tomorrow?

[geminidomino]

If you want non-determinism, just ask your wife to quantify her current mood numerically.

Re:Random today, but still random tomorrow?

[L4t3r4lu5]

20 goto 10

Re:Random today, but still random tomorrow?

[AthanasiusKircher]

The weather reports are worthless. The dudes that give them to us are basically just flimflam men. If we got our weather predictions by rolling dice, they'd be just as reliable. I say we stop paying for this nonsense and tell the meteorologists to get a real job.

I agree with your criticism of the GP's post. Weather reports are pretty bad, and they aren't really getting much better. Nevertheless, they aren't quite as bad as you imply. If you'd like to get a sense of the relative accuracy for various weather forecasting organizations in your area, you might want to check out:

http://www.forecastadvisor.com/

There have been studies on this, and depending on how you interpret the data, your local TV weatherman is probably useful for 24-36 hours of forecasting. (Some really aren't much better than chance, but most can at least give a prediction somewhat better than chance for the weather on the next day.) Beyond that, you'd be better off consulting some national service. The error rate gets bigger and bigger, but basically once you get somewhere between 5-8 days out, the predictions really aren't any better than chance. So don't believe 10-day or 14-day forecasts -- they are just nonsense. Basically, for anything more than a few days out, consult climate data for your region and go from that.

In any case, weather prediction isn't that great, but it is better than chance, at least for short time frames.

Re:Random today, but still random tomorrow?

[Lunix+Nutcase]

That would be only if you copy and pasted the code in. Using the library itself would have no such issue.

Re:Random today, but still random tomorrow?

[dysan27]

I actually had a text book where in the index "recursion" referred to the index page on which recursion was listed.

Re:Random today, but still random tomorrow?

[hazydave]

Yeah... I'm a little concerned about this approach. It's true that, when you violate the setup and hold times on a flip-flop, the device will go metastable for a defined period of time. The result is unpredictable, but you have more work to do to prove it's truly random... it is influenced by system noise and other stuff. That stuff could be random, but it could also not be all that random.

Way back in college, I did a "digital dice" project, in which we were told which parts to use (from the old, glorious, TI TTL Databook... I had the hardcover version), and we had to explain why it was random. In addition, they claimed there would be some noise on the power supply. I rejected that immediately... the noise wasn't likely in this kind of device, running from batteries. My trick was pretty simple. I had one timer used for the "roll"... it basically just counted for a period of time, set by an RC constant, no big magic. Then I had a second timer that ran a cycle of over a minute in time. That one modulated the frequency of the first. So, based on when and how long you pressed the "roll" button, the count was crazy variable.

I'd like that kind of thing for random numbers.. all the stuff, like human input, that has nothing to do with the device you're using. How about a super-accurate timer catching keystrokes and only looking at the LSBs? Even great musicians don't have perfect timing, even if (as a not-so-great musician), they might do better than I do. Why not factor in GPS, light sensor, WiFi RSSI, and a bunch of other "random" data you might have. Would this really be less random than what these guys did?

Re:Random today, but still random tomorrow?

[Florian+Weimer]

That would be only if you copy and pasted the code in. Using the library itself would have no such issue.

We have statements from the copyright holders that they consider linking to OpenSSL a violation of the GPL. Even if the legal situation is actually different (which hard to tell, but it would certainly reduce copyleft to a mere political statement without legal force), I'm not sure it's a good idea to ignore the wishes of your upstream developers in such a blatant way.

Judging by your comment...

[AtomicDevice]

I'd say based on the fact that all your characters were lower case, and the overwhelming proportion of characters to digits, there are significantly fewer bits of entropy in your so-called random comment than you would have us believe.

Re:Judging by your comment...

[biryokumaru]

Here's a question about bits of entropy:

If they can mathematically calculate how random something is, can't they just mathematically determine what would be the most random series of numbers, and just use that?

Re:Judging by your comment...

[blueg3]

No. Neither a number nor a sequence of numbers has, by itself, any entropy.

Re:Judging by your comment...

[TheCarp]

He never said what the encoding was

Re:Judging by your comment...

[nacturation]

If they can mathematically calculate how random something is, can't they just mathematically determine what would be the most random series of numbers, and just use that?

Then all that's needed is legislation that requires everyone desiring a random series of numbers to use the one that was pre-calculated for them. Problem solved!

Re:Judging by your comment...

[Sir_Lewk]

That however doesn't mean that it is any less random. I can make a random sequence using nothing more than 1's and 0's. Including the digit 2 would not make it any more random, it would just increase the randomness per character.

Re:Judging by your comment...

[tepples]

The entropy of a sequence of numbers is its Kolmogorov complexity. It can't be calculated, but compression programs like 7-Zip give upper bounds.

Re:Judging by your comment...

[blueg3]

No, that's really a measure of complexity. It can be used as *a* measure of "randomness", but it is not the same as entropy.

Re:Judging by your comment...

[Abcd1234]

Not really. This is akin to the definition the NP complexity class in computing science. You see, a problem is in the NP complexity class if any given solution can be *verified* using a polynomial time algorithm. However, *finding* the solution may be arbitrarily hard.

As an example, it's dead easy to determine if a number is the product of two specific primes (just multiply them together). However, it's extremely difficult to actually find those two prime numbers in the first place.

Similarly, while it may be easy to calculate the overall entropy of some sequence of data, it may be hard to actually generate that data in the first place.

Re:Judging by your comment...

[maxwell+demon]

They are the ones that are uncompressable.

Doesn't the compressibility depend on the compression algorithm? Are there sequences where you can prove that no compression algorithm will compress this special sequence (versus just checking that none of the known compression algorithms does)?

Actually, if you don't take the size of the compression algorithm itself into account, it's already trivial to achieve it: Start with any conventional compression algorithm. Now our new algorithm is the following:

if (sequence to compress == special sequence)
  write(0)
else
  write(1)
  compress sequence with other algorithm

That way the sequence will always be compressed to 1 bit. However, at the cost that you have to store the sequence in the decompression algorithm, because otherwise the one-bit file cannot be decompressed. Therefore the size of the (executable) decompression algorithm should count towards the compressed size. However, that gives another problem: The size of the algorithm depends on the machine code it's implemented in. A space-optimized x86 implementation will need a different number of bytes than a space-optimized Alpha version. So what is the "correct size" of the algorithm?

A nice example is the number pi. Pi is assumed to be normal, i.e. its digits are "random"; that would naively translate into not compressible. However, pi is very well compressible, as any algorithm to calculate pi is a compression of the sequence.

Re:Judging by your comment...

[maxwell+demon]

Actually I just noticed that there are sequences which provably cannot be compressed. There are at least two of them: The one-bit sequence "0" and the one-bit sequence "1".

Re:Judging by your comment...

[svtdragon]

I once read a detailed account of an experiment to this end, involving a heart of gold, an ape-descended life form, and digital watches.

The principle of generating small amounts of finite improbability by simply hooking the logic circuits of a Bambleweeny 57 sub-meson Brain to an atomic vector plotter suspended in a strong Brownian Motion producer (say a nice hot cup of tea) were of course well understood - and such generators were often used to break the ice at parties by making all the molicules in the hostess's undergarments leap simultaneously one foot to the left, in accordance with the Theory of Indeterminacy.

Many respectable physicists said that they weren't going to stand for this - partly because it was a debasement of science, but mostly because they didn't get invited to those sort of parties.

Re:Judging by your comment...

[maxwell+demon]

Why can 0 and 1 not both be valid prefix codes? They don't have any common initial sequence. Indeed, if you apply Huffman coding (which AFAIK produces a prefix code) to just two symbols, you get exactly that.

But your post led me to the ultimate incompressible string: The empty string.
And yes, I'm 100% sure that this time I'm right :-)

Re:Judging by your comment...

[TheRaven64]

One common definition of randomness is that a random sequence can not be generated by any deterministic program which is shorter than the sequence itself. When you're talking about compression, the decompression algorithm and the compressed data, between them, count as the program. In your example, your decompression program would need a copy of the original sequence, plus the zero bit telling you to use it, plus the algorithm for decompressing other inputs, so it would be significantly longer than the original sequence.

Pi is not random; it can be generated independently by different people who all get the same result. I can not think of any definition of random where Pi would be an example.

Statistically,

[BhaKi]

this one too.

generation of random numbers

the generation of random number is too important to be left to chance.

Re:generation of random numbers

[Rakshasa+Taisab]

I left it to chance and look what it got me!

Re:generation of random numbers

[chrism238]

While this has been rated as Funny, it would have been respectful to acknowledge the source: http://codequotes.com/2006/08/14/coveyou-random-numbers

Re:generation of random numbers

[harlows_monkeys]

Unless you are Robert R. Coveyou, you should have attributed that.

Why not use the ultimate random number generator?

Just pull random slashdot threads at -1 and hash that. Can't get more random than that.

XKCD Bait

[jgtg32a]

Lets play a game, what XKCD am I thinking of?

Re:XKCD Bait

[SilverHatHacker]

The one mentioned in the post right below yours?

Re:XKCD Bait

[soulsteal]

Is this your card?

Re:XKCD Bait

[Anubis+IV]

I don't know which one you're thinking of, but, thanks to your wording, I'm thinking of this one, and I just lost.

obligatory xkcd

[fuo]

always been one of my favorites... http://xkcd.org/221/

Re:Why not use the ultimate random number generato

So your suggestion is to generate a random with a random? How do you get the random slashdot thread?

Hardware?

[e2d2]

TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.

Re:Hardware?

[eldavojohn]

TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.

My guess would be custom though not completely different from everyday stuff. I was familiar with "metastability" from my college courses where it was mentioned as a classic problem in electronics. I suppose there could be a way to harvest this data from hardware before it gets corrected. I never thought of this before but if you had a long length of optical fiber cable (longer than what it's rated for use) then you could send messages through that and collect them on the other end. I mean, we implement parity to remove these random flips of bits through transmission, couldn't we also use this to increase randomness of random numbers? I think I've read of the network guys fighting metastability so their incorrectly implemented hardware could probably be exploited as sources of random bits.

Re:Hardware?

[tippe]

or if said hardware remains random in the presence of process, voltage or temperature variations (all of which affect the operation of "regular" flip-flops). It's one thing to "harness" the randomness of a register's metastability in the lab and quite another to do the same thing in mass-produced silicon...

Re:Hardware?

It's a little box with a Mexican jumping bean in it.

Re:Hardware?

[marcansoft]

That's not metastability, that's a floating input that doesn't have a defined level and therefore floats around various levels depending on a myriad of conditions (e.g nearby electric fields). It can cause metastability, but that's the least of your worries if your reset line is floating.

Metastability is different, it's what you get when you wire a switch (no matter what kind of cleanup hardware you place externaly - even if it's a perfect pulse) to internal FPGA logic without a couple synchronization flipflops, since you're connecting an asynchronous input to synchronous FPGA logic (the same happens when you cross clock domains without sync). If you hit the button at just the right time (such that setup/hold time specs for the flipflop are violated), the next flipflop in your internal logic will go metastable and mess up the next layer of logic. If you're lucky, the button just glitches. If you're unlucky, it can cause inconsistent internal states and even result in impossible conditions for state machines that physically lock up your FPGA algorithms.

The rule of thumb to avoid metastability is to always place two or more synchronizing flip flops between any signal and your core logic if that signal isn't synchronous to your core clock. Then if the first flipflop goes metastable, hopefully the second one will clean it up before it reaches your logic. The disadvantage is the two-cycle delay; such is the tradeoff between avoiding metastability and reacting instantly to input signals.

For example, I had this issue when I was connecting two FPGA blocks, one clocked by a free-running Ethernet clock (25Mhz) and one clocked by a separate xtal for the FPGA (50Mhz). Although the frequencies are multiples of one another, they drift constantly (separate oscillators), and since they're so close they're almost guaranteed to violate setup and hold times for a few cyles many times per second. The net result is that the main state machine in the FPGA logic consistently locked up after a while due to getting stuck in an impossible state encoding.

Re:Hardware?

[Sponge+Bath]

...a free-running Ethernet clock (25Mhz) and one clocked by a separate xtal for the FPGA (50Mhz).

Off topic a bit, but couldn't you have run the ethernet clock into something like a Xilinx DCM module to generate the 50MHz from the 25MHz with a fixed phase relation to eliminate the need for synchronization across clock domains?

Re:Hardware?

[Chris+Burke]

My guess would be custom though not completely different from everyday stuff. I was familiar with "metastability" from my college courses where it was mentioned as a classic problem in electronics. I suppose there could be a way to harvest this data from hardware before it gets corrected.

It'd most definitely be custom hardware, especially if you want it to be on the cpu die or very close to it for speed, but nothing exotic like you say. CMOS logic is normally designed to avoid metastability simply through appropriate circuit delays for synchronous stuff, and with complex synchronizers for communicating between asynchronous clock domains. Clearly if they have to be designed to avoid metastability, they can be designed to not avoid it, heh. Trying to exploit existing hardware to do it would be rough, though. At least not without wasting a lot of hardware.

It looks to me like the promising thing about this technique is the small amount hardware needed. It only says a "small array" of flip-flops results in a 20x improvement (with more being better). Flip-flops are much larger than the memory elements in DRAM or CPU caches, so they can be somewhat expensive, but like the WP says they are prone to metastability. Depending on how small the array per random output bit needs to be this could be pretty exciting.

I think I've read of the network guys fighting metastability so their incorrectly implemented hardware could probably be exploited as sources of random bits.

That's a really neat idea. Until good sources of entropy (which if you think about it every computer should have) are built on chip then a little USB doohickey made of a short run of fiber optics would be pretty cool too. :)

Re:Hardware?

[marcansoft]

Yup, but that wouldn't have fixed the problem entirely. You see, there's also an Ethernet RX clock (running yet another piece of FPGA logic), and that one's determined by the outside world (whoever talks to the Ethernet jack) and it's not even constant. Can't get around that one. I was also hoping to be able to vary the core clock independently of the Ethernet clock, without being restricted to multiples of the latter.

What is "more random"?

[onionman]

From TFA:

The team adds that the efforts of a cracker attempting to influence the array will be wholly obvious to a simple statistical analysis as -- depending on the type of attack -- either the whole array or single elements will be disturbed, whereas these are again selected randomly. So this true random number generator can protect systems against third-party snooping, potentially making private and sensitive transactions on the Internet more secure.

Now I'm really skeptical. A cracker who is able to "influence" the array might be able to influence it with a pseudorandom number generator that he/she can predict.

I think that hardware based RNGs, such as those detecting radioactive isotope decay, have been around for a while. I'm not sure how this one can provide more security, especially if the attacker has access to the hardware. I think that most gate transition thresholds can be influence by simple things like temperature anyway.

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

Re:What is "more random"?

[Em+Emalb]

Think of it as a trip to Wendy's to get a value meal. If you get a classic single with cheese meal, regular size is ~$5.00. If you get it "large-sized", it's approximately $6.50.

There. More food for more cost. "More random"=more cost.

(Is it really more random if the part of the generation is either a 1 or a 0? Those states are known. It's either one or the other.) /snark

Re:What is "more random"?

more random means > entropy

Re:What is "more random"?

[dissy]

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

True random means that each item in your possibility list has equal chances of occurring.

If your possibility list is the numbers 1-10, then each number would have exactly a 10% chance of occurring, in order to be truly random.

If instead some numbers have a 10.001% chance of being chosen, and some others have a 0.999% chance of being chosen, then while the result might appear to be just as random, it is less random than the first case.

Of course anything else that adjusts the outcome and enables further prediction also makes the results less random.

Sometimes, less random is good enough, say for a video game AI. It is worth it to spend less resources generating a less random number, when that amount of randomness is good enough.
Not so much for encryption however.

Re:What is "more random"?

[ticklemeozmo]

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

Nothing can be ever be considered random. If it is, it's just in a state of "we just don't have a means of measuring it's next value."

You can call me guessing a "number between 1 and 10" random, but that's just because you don't know my method of choosing. If you did, it wouldn't be random at all. If you knew the order of the deck of cards, and precisely each transition of the shuffle, then the next card could easily be predicted. Since you don't have that power, it's considered "random".

Same thing with network traffic, moving the mouse or memory contents; if you had a way to quickly and accurately measure all the inputs and knew it's method of generation, you could very easily guess the outputs. In all these cases, "random" only means "you cannot guess the outcome with any statistical significance."

Re:What is "more random"?

[joggle]

In Numerical Recipes for C they list several benchmarks for determining how good one random number generator is compared to another (based on various statistics measures) so it certainly is possible for one method to be more random than another. Read chapter 7 of that book for all the details you could possibly want on this subject (with references to even more information).

One way of generating a good random number in Linux is using /dev/random (which uses a hardware-based random signal as its source, I don't recall the details). However, it isn't fast enough for most applications, outputting only a few bytes per second of random information, although it can serve as a useful seed for other random number generators. Just run 'cat /dev/random > random_bytes.bin' to see its output.

I'm curious what rate random information can be generated using the method in the article. I'm presuming it's fast enough that an application could rely solely on this data without having to use it as a seed for a pseudo-random number generator. The question is how long does it take for the hardware to get to the state where its next value is unpredictable--in the case of /dev/random it's relatively long.

Re:What is "more random"?

[blueg3]

Quantum mechanics would like to have a word with you.

Re:What is "more random"?

[MozeeToby]

Dedicated hardware random number generators are expensive and therefore aren't found in regular run of the mill consumer electronics. This is a simple, easy to manufacture, solid state device that improves randomness considerably. It's almost impossible to have a true random number generator, so we generally use pseudo-random number generators instead, generally software based ones. The problem is that given a certain seed value, a random number generator will always produce the same outputs. You might say to yourself "who the hell would go through the time and effort needed to predict the next random number?" but people have done it for everything from Nethack games to Keno machines. This device removes the seed value from the equation, wrapping the random number in an extra layer of randomness.

As for something being more or less random, fire up some old VB code and generate a bunch of random numbers, then plot them on a graph. You'll see a pattern almost instantly. Newer random number generators are better, but the software the drives them will always be derivable given enough samples.

Re:What is "more random"?

[Bruce+Perens]

You seem to be missing quantum mechanics. The noise from a noise diode, a good way of getting real randomness, is a quantum phenomenon and you can only explain it with statistics. There is a probability that any little bit of the junction will avalanche within a certain time, but there is no way for you to say when.

Re:What is "more random"?

[Frequency+Domain]

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

True random means that each item in your possibility list has equal chances of occurring.

No, true random means the outcome cannot be predicted with certainty. What you're describing is one particular type of randomness known as the "uniform distribution". Gaussian or binomial random variables, for example, don't have equal likelihood for the outcomes but are still truly random.

Re:What is "more random"?

[jittles]

There is no such thing as a random number generator, only a psuedo-random number generator. Therefore these numbers appear to be more random than for instance software based techniques to generate a psuedo-random number.

Re:What is "more random"?

[vlm]

There is no such thing as a random number generator, only a psuedo-random number generator.

If you allow special hardware this is almost too easy, listen to a geiger counter click using a microphone, etc.

If you insist on off the shelf PC hardware, simply record the sound input (better with a microphone attached, but just the hisssssssssss is OK too) then hash it or otherwise stir well.

the LSB of the timer for each keyboard interrupt works OK too.

There is probably a theoretical proof, that over a long enough congested enough internet path, you can get bits of randomness out of the least sig bits of TCP timers.

Re:What is "more random"?

[wertarbyte]

True random means that each item in your possibility list has equal chances of occurring. If your possibility list is the numbers 1-10, then each number would have exactly a 10% chance of occurring, in order to be truly random.

perl -le '$v = 0; sub random {$v=($v+1)%10;return $v}'

Perfectly random?

Re:What is "more random"?

[dcollins]

"What exactly does 'more random' mean in the summary? I think something is either random or it isn't."

See statistical classifications such as the BSI Evaluation Criteria:
http://en.wikipedia.org/wiki/Pseudorandom_number_generator#BSI_evaluation_criteria

The German Federal Office for Information Security (BSI) has established four criteria for quality of deterministic random number generators. They are summarized here:

K1 -- A sequence of random numbers with a high probability of containing no identical consecutive elements.
K2 -- A sequence of numbers which is indistinguishable from 'true random' numbers according to specified statistical tests. The tests are the monobit test (equal numbers of ones and zeros in the sequence), poker test (a special instance of the chi-square test), runs test (counts the frequency of runs of various lengths), longruns test (checks whether there exists any run of length 34 or greater in 20 000 bits of the sequence) -- both from BSI2 (AIS 20, v. 1, 1999) and FIPS (140-1, 1994), and the autocorrelation test. In essence, these requirements are a test of how well a bit sequence: has zeros and ones equally often; after a sequence of n zeros (or ones), the next bit a one (or zero) with probability one-half; and any selected subsequence contains no information about the next element(s) in the sequence.
K3 -- It should be impossible for any attacker (for all practical purposes) to calculate, or otherwise guess, from any given sub-sequence, any previous or future values in the sequence, nor any inner state of the generator.
K4 -- It should be impossible, for all practical purposes, for an attacker to calculate, or guess from an inner state of the generator, any previous numbers in the sequence or any previous inner generator states.

Re:What is "more random"?

[C_Kode]

but there is no way for you to say when.
Yet.

Re:What is "more random"?

[BlaisePascal]

/dev/random is slow because it maintains an entropy pool filled by sources of randomness in the hardware -- things like mouse movements, keystroke timings, disk timings, etc. If reading from /dev/random drains the pool faster than it's filled, then /dev/random blocks until there is enough entropy. /dev/urandom uses the same techniques (same pool, even), but it doesn't block when the pool is drained of entropy. Theoretically this means that there could be enough information in the output of /dev/urandom to predict the next output, but I don't think the theory has been put into practice.

A hardware RNG could easily be configured as another source of randomness added to the pool.

Re:What is "more random"?

[JesseL]

Actually, hardware random number generators are found in a lot consumer electronics. Typically they use something like a temperature sensor connected to a DAC - just read the least significant bits and you have a pretty good random seed.

These things are commonly integrated with microprocessors these days.

Re:What is "more random"?

[dgatwood]

Only if Heisenberg was right. Many, many things in science have been believed to be absolute truths but were later proven to be wrong as new technologies became available.

Re:What is "more random"?

[maxume]

We can't pierce that veil with current science.

That doesn't say anything about whether it is possible.

Re:What is "more random"?

[TechyImmigrant]

More random means harder to predict. If you can predict the next bit with better than 50/50 chance, you don't have perfect entropy. The actual entropy is a function of how well an optimal predictor can predict future output.

If you can predict 8 out of 10 bits then the bit stream is less entropic than one for which you can predict 7 out of 10 bits. If you can only predict 5 out of 10 bits, then you have perfect entropy. If you can predict fewer than 5 out of 10 bits, you're doing it wrong.

Re:What is "more random"?

[blueg3]

Not Heisenburg so much as Bell. Even to suggest that it boils down to whether one person is right grossly mischaracterizes quantum mechanics and science in general.

The view that "sometimes people are wrong", in the face of the empirical confirmation of Bell's inequality, is a rather weak basis to make the strong claim, as you did, that everything is deterministic.

Re:What is "more random"?

[HiThere]

This depends on which interpretation of Quantum Mechanics you believe in. You seem to be a Copenhagen Interpretation guy. Many Worlds [EGW] would agree with you on results, but disagree on reasoning. Hidden Variables has been having some trouble in the last decade or so, but may recover. He would disagree with you. Super Determinism would also disagree, and has been doing quite well, thank you, even if he's not very popular. And Solipsism ... well, what can one say about him. He's consistent, but nobody else believes in him.

Then there's the Virtual Worlds hypothesis (which, I suppose, is a variant on Hidden Variables that HASN'T run into any problems).

None of these say that you can predict the result, but some of them disagree about it being random. And some of them waffle.. Super Determinism and Hidden Variables don't even say that there won't ever be any way to make a prediction. At least not clearly enough to be understood.

Of all these interpretations, only Copenhagen unreservedly states that the results are random. (Many Worlds agrees with him, but so redefines the term that they are in essential disagreement.)

Re:What is "more random"?

[Onymous+Coward]

Via Padlock: SHA, AES, Montgomery Multiplier, RNG

RNG on my Via Esther C7 1GHz produces about 2.3 MB/s. It's come in handy.

Re:What is "more random"?

[blueg3]

Bell disagrees, and is backed up by empirical measurement.

Re:What is "more random"?

[Daniel+Dvorkin]

True random means that each item in your possibility list has equal chances of occurring.

This is so utterly, completely, absolutely wrong that it's "not even wrong."

Please, for God's sake, read up on the concept of random variables before you attempt to make any judgement whatsoever about anything having to do with random number generation.

Re:What is "more random"?

[slimjim8094]

/dev/random, at least on a Linux box, is truly random. That's what's so cool about it. Network I/O, current system time, noise in the processor temperature measurement... the list goes on. You can even write to it IIRC.

But as you say, it's really slow. I think /dev/urandom uses /dev/random as a seed, and it never blocks. So it's still good enough for like a SSH key.

Re:What is "more random"?

[dissy]

This is so utterly, completely, absolutely wrong that it's "not even wrong."

Please, for God's sake, read up on the concept of random variables before you attempt to make any judgement whatsoever about anything having to do with random number generation.

http://en.wikipedia.org/wiki/Quasi-random

Perhaps you would be so kind as to explain why the internet is wrong, and what your knowledge is that is so much more different?

Of course I would never so much as think of refuting such a solid and well founded argument as "You're so wrong! But never mind how..."

Re:What is "more random"?

[dgatwood]

I didn't make that claim. I refuted the claim that there are things that are definitely nondeterministic. There's a difference.

Re:What is "more random"?

[TexVex]

Bell inequalities don't melt a brain that believes the universe is completely deterministic.

Re:What is "more random"?

[radtea]

Experimental violation of Bell's inequalities indicates that either the universe is not locally deterministic (which is equivalent to being acausal, for obvious relativiistic reasons) or it is superdeterministic.

Those are the only two choices: the specific interpretations you put on the violation of local determinism all amount to the same ultimate phenomonology, which is truly unknownable things, like when a radioactive atom is going to decay. If the decay can be caused by something outside of our backward light-cone, it is for all practical purposes acausal, and always will be, unless you believe time travel is possible. I don't, personally.

Superdeterminism is not a theory that anyone sane would choose to believe in. There are no self-consistent arguments that can be advanced in its favour, and anyone who does advance an argument in its favour is simply guilty of either hypocrisy or stupidity, as an argument is nothing but a purported reason to choose one belief over the another.

Nor is it clear why a superdeterministic universe would happen to come about in such a way that Bell's Inequalities were always violated. Nor does superdeterminism give us any reason to believe that Bell's Inequalities will continue to be violated tomorrow. But of course, the very act of anyone anywhere being convinced that superdeterminism is true proves it false, so it isn't a very interesting theory on any account.

Re:What is "more random"?

[Andy+Dodd]

Intel had one based on drift between two ring buffer oscillators, one of which was perturbed by a noise source (Zener I think?). They ran at significantly different frequencies (one around 100x the other), and the slow oscillator was used to sample the state of the fast one. This resulted in a reasonably random series of bits. Additional methods (read literature on HWRNG design) were used to de-bias the results even further.

This HWRNG was built into quite a few of their chipsets, I think it was around the Pentium III days. For whatever reason this capability was removed in newer chipsets.

Re:What is "more random"?

[Andy+Dodd]

This is false. Using a physics-based approach (relying on the fact that many natural processes are truly random), one can generate random numbers by sampling natural processes.

Common approaches include measurement of Zener diode noise, ring oscillator drift.

Less common approaches include taking a picture of a lava lamp and hashing the pixel values using SHA.

Re:What is "more random"?

[LainTouko]

Use /dev/urandom. There is virtually no reason to use /dev/random as a source of randomness instead of /dev/urandom. The only difference is that /dev/random blocks if it doesn't like the amount of entropy it's got. While this is highly annoying, there are almost no scenarios in which it is a genuinely useful security precaution. Only use /dev/random if you have a thorough security analysis telling you exactly why /dev/urandom is dangerous but /dev/random is safe for what you're doing. Don't use /dev/random out of some vague idea that it's 'more secure', this is very rarely the case.

Re:What is "more random"?

[Frequency+Domain]

This is so utterly, completely, absolutely wrong that it's "not even wrong."

Please, for God's sake, read up on the concept of random variables before you attempt to make any judgement whatsoever about anything having to do with random number generation.

http://en.wikipedia.org/wiki/Quasi-random

Perhaps you would be so kind as to explain why the internet is wrong, and what your knowledge is that is so much more different?

I'm not the person you're directly responding to, but let me have a go at it.

• The link you provided cites Wikipedia. Wikipedia is not an authoritative source.
• A Wikipedia article that starts with "This article is in need of attention from an expert on the subject" is REALLY not an authoritative source.
• The link you provided talks about Uniform distributions as an example to illustrate low discrepancy sequences, not to define them.
• The link you provided is irrelevant to defining randomness.

Re:What is "more random"?

[Daniel+Dvorkin]

The internet isn't wrong (at least not in this case.) Your reading of what it says is.

First of all, if you actually read the definition of "low-discrepancy sequence" in the article you link to, you'll notice that it is not equivalent to the phrase you used, "each item in your possibility list has equal chances of occurring." Equal probability is necessary, but not sufficient.

Second, and more importantly, at the end of the first sentence of the second paragraph, there appears the phrase "in the case of a uniform distribution." This is the key to understanding the article. A uniform distribution is one, and only one, of an infinite number of distributions; and in any other distribution, outcomes do not occur with equal probability. Normal (aka Gaussian), Poisson, binomial, gamma, Weibull ... perhaps you've heard of some of these? Numbers sampled from any of these distributions are random; none of them is more or less random than the others.

Most computer RNGs generate uniform pseudo-random numbers, this is true, because it's very easy to convert a uniform sample into a sample from any other distribution. But the underlying distribution has absolutely nothing to do with any definition of randomness -- if you come up with a device that quickly and efficiently generated true random numbers from, say, a Poisson distribution (which IIRC is what the cosmic-ray-detector RNGs use) it will serve just as well.

Re:What is "more random"?

[maxwell+demon]

Not Heisenburg so much as Bell.

First: Heisenberg.
Second: Even Bell only proves randomness on the assumption of locality. Non-local deterministic theories are still possible.

Re:What is "more random"?

[Bruce+Perens]

Doesn't this come back to Godel's theorem? You can't fully characterize the system from inside of the system.

Re:What is "more random"?

[khayman80]

If the decay can be caused by something outside of our backward light-cone, it is for all practical purposes acausal, and always will be, unless you believe time travel is possible. I don't, personally.

I also think that time travel is likely to be impossible. You're probably aware of this, but others might be interested to hear that FTL automatically implies time travel, unless a preferred frame exists... which wouldn't exactly conflict with special relativity's predictions but certainly would cast doubt on the elegance and universality of the principle of relativity.

I just thought that was really cool when I first heard about it. Warp drives automatically double as time machines, as long as you have fairly powerful "normal space" delta-v capability. Then it further worsened my suspension of disbelief during scifi shows where scientists hop around the galaxy in spaceships and then act surprised when they find a time machine. Even more disappointingly, all the time machines involve additional technobabble (above and beyond the already established FTL: slingshot around the sun, wormhole through solar flare, blah blah reverse polarity blah), when I've described a fairly simple maneuver in the first comment that can send almost any FTL ship in any show back in time.

Re:What is "more random"?

[Vellmont]

What exactly does "more random" mean in the summary?

Hard to say, since it wasn't defined in the article. One possibility is a measurement of entropy. Source A produces 100 bits, with 80 bits of entropy. Source B produces 100 bits, with 90 bits of entropy. Source B is considered "more random" than Source A. In this context you can think of entropy as how much the bits lack any pattern. Passwords are a good example. Typical passwords only have a few bits of entropy per character, rather than the full 7 or 8 bits it might take to store each character. So for a password you'd expect to only search through a few bits of space to correctly guess the password, since typically people pick passwords that form a pattern, so you can eliminate huge possibilities while guessing.

I think you're right that that once a source is "purely random", it can't be any more random. I'd also agree that this development isn't likely to make anything more secure. Security is always based on the weakest attack point. That's very very rarely the quality of randomness of an RNG. If you care about that sort of thing, cheap HW RNGs have been available for a decade at least. I've got one in my cheap VIA PC. It was fun to play around with, but I don't think for a minute it made anything much more secure on my server.

Re:What is "more random"?

[franl]

Quantum mechanics would like to have a word with you.

And Chaos Theory as well. Hell, you can get lots of very random bits by running the Entropy Gathering Daemon (http://egd.sourceforge.net/) configured to fetch weather satellite photos of the Web. It's not quantum randomness, but chaos works too.

Re:What is "more random"?

[Simetrical]

No, true random means the outcome cannot be predicted with certainty. What you're describing is one particular type of randomness known as the "uniform distribution". Gaussian or binomial random variables, for example, don't have equal likelihood for the outcomes but are still truly random.

In the sense of "random variable", yes. In the sense of "pseudo-random number generator", no. The relevant meaning of random here is "unpredictable": given the first n bits of a string, you should only have a 50/50 chance of guessing the next. This isn't the case if you're sampling the bits from a binomial or Gaussian distribution, only from a uniform distribution (or some approximation thereto).

20 times more random?

[Rockoon]

20 times more random?

umm.. errr... wha?

Re:20 times more random?

[arndawg]

It means that it takes Bruce Schneier an extra 0,019 seconds to figure out how to predict the sequence.

Re:20 times more random?

[tomtomtom777]

20 times more random?

I don't get it either. First they claim it's a true random generator that generates "purely random" numbers.

Then they proceed to explain that

... The degree of randomness possible depends on the size of the array ...

Can anybody tell me how this works?

Re:20 times more random?

[TheCarp]

Actually Bruce only has a 50% chance of getting the answer in 0.019 seconds. Chuck Norris however just hits the researcher with a round house so hard that his grandmother spits out the answer, 100% of the time.

Re:20 times more random?

[Strilanc]

I'm just going to assume they meant "can generate 20 times more entropy per second per cost-of-hardware than existing methods".

Re:20 times more random?

[fizzup]

I'm making a bit of a guess.

A random process can generate a random bit. If the process is random, then you can't predict with certainty what the next generated bit will be. However, what if the random process generates a one bit 90% of the time and a zero bit 10% of the time? Great! It's random, but you can predict what the next bit will be 90% of the time. I think this is what they mean when they say that a particular generator is not very random. It has a bias. The closer a generator is to having neutral bias, the more "random" it is, because there is less benefit to always picking the biased bit as the one that will come next.

A poor random source can be improved by combining many results into a single result. This is probably why a bigger array produces less predictable bits. Staying with the 90/10 example above and combining bits using exclusive or, we get the following truth table, with the likelihoods of the outcomes listed:

A xor B = R [P]
0 xor 0 = 0 [1%]
0 xor 1 = 1 [9%]
1 xor 0 = 1 [9%]
1 xor 1 = 0 [81%]

So by taking two results from this pretty terrible random variable, the combined result is a zero 82% of the time and a one 18% of the time. It's less predictable.

As you combine more and more bits, P(0) and P(1) asymptotically approach 50%. I'll do a hand waving argument to convince - you can google for the real deal. If you xor a bunch of bits together, the result is one if there are an odd number of one bits and zero if there are an even number of one bits. If you take a really long sequence of bits from a biased random source, the chance of having an even number of one bits is about 50%. The longer the sequence, the closer the probability is to 50%.

Re:20 times more random?

[Rockoon]

That doesn't wash. Sure, your math is good, but to attain a "20 times more random" effect, the bias would have to be greater than 97.5% predictable, which is completely ridiculous. Even a 60% predictability is ridiculous. Nobody is making such RNG hardware.

Re:20 times more random?

[fizzup]

It's hard to know what "20 times more random" means, alright. They probably measure randomness using entropy per bit, and then say that 1-H is smaller by a factor of 20, so therefore the numbers are 20 times more random.

Re:20 Times more random?

[aXis100]

I think you can do a frequency plot or X-Y and look for repeating patterns.

Obligatory Dilbert

[plover]

And one of my favorites: http://web.archive.org/web/20011027002011/http://dilbert.com/comics/dilbert/archive/images/dilbert2001182781025.gif

Re:Obligatory Dilbert

[Martin+Blank]

For those of us whose systems block the Wayback machine as an anonymizer, you might try http://dilbert.com/2001-10-25/ instead. (They started putting pretty much all of the old Dilberts online a few months ago.)

HM

[Arimus]

Would this beat methods such as leaky diodes or radio noise which some systems use to get random data?

Re:HM

[JamesP]

Probably not... flip flops need to be power cycled for this to work... As with a diode or radio noise you get lots of noise bw.

Re:HM

[Arimus]

So its a new technique but not really an improved one... I'll stick to generating random numbers off rf noise.

WiFi

[hey]

I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

Re:WiFi

[DoofusOfDeath]

I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

Brilliant! Just assign a bit based on whether or not it works in a given Ubuntu release!

Re:WiFi

[Lord+Ender]

So when you're generating your keys, all I have to do is blast your wifi and I can pick your keys for you? Cool!

Re:WiFi

[dgatwood]

Do your random number generators really use only a single entropy source?

Re:WiFi

[TechyImmigrant]

>I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

It's been done.

Re:WiFi

[omuls+are+tasty]

How is an infinite stream of 0s random?

Re:WiFi

[DoofusOfDeath]

How is an infinite stream of 0s random?

Because the random generator is always positive that the next value will be a "1".

Re:WiFi

[rastos1]

"That's the problem with randomness: you never really know."

20x more random than (radioactive decay) random?

[smoothnorman]

One person's random is another's expectation value

reproducibility

[domulys]

While this new technique may improve security, it seems to lack one important property of pseudo-random numbers that is required by many applications: reproducibility.

Good luck finding the bug in your program with a stream of randoms you'll never be able to reconstruct again.

Re:reproducibility

[msauve]

Just record the stream the first time, and play it back for testing.

Re:reproducibility

[TheCarp]

Well...if you need a predictable stream, then maybe you should capture a single stream, and keep feeding that into the program? Then you can feed the same sequence every time.

Certainly you are right but... with a very small amount of work (a facility for switching out the randomness source), you can work around it easily.

There are plenty of applications where, a strong source of randomness is needed, and reproducibility is not needed at all.

-Steve

Re:reproducibility

[RAMMS+EIN]

Horses for courses. If you want reproducible, you don't want true random. If you want security, you do.

Re:reproducibility

[DragonWriter]

While this new technique may improve security, it seems to lack one important property of pseudo-random numbers that is required by many applications: reproducibility.

That's rather the point of having an RNG rather than a PRNG. For applications that want reproducibility (and which therefore do not want actual randomness) you use a PRNG. For applications that want actual randomness you use an RNG.

Good luck finding the bug in your program with a stream of randoms you'll never be able to reconstruct again.

If there isn't a security reason to keep the random stream secret, you can always capture it as its generated and play it back if you need to reproduce results.

Re:reproducibility

[ljhiller]

While this new technique may improve security, it seems to lack one important property of pseudo-random numbers that is required by many applications: reproducibility. Good luck finding the bug in your program with a stream of randoms you'll never be able to reconstruct again.

Oh, come on people. This is a JOKE. It's Funny, not, fercrissakes, Insightful.

Re:reproducibility

[cxx]

I disagree -- there have been several times when I'll output the seed to a log so I can reproduce results, mainly to debug the software when I get unexpected outputs.

However, that doesn't reduce the need for true randomness.

Re:reproducibility

[zerus]

Scientific programming using Monte Carlo methods requires reproducibility based on some initial seed so that an analysis can be reconstructed. A good example of this is benchmarking a code for changes in compiler options. If the code is widely distributed, then a large set of random numbers is not as easily distributed as a Twister or other method. Also there would be problems with acceptability of the results of such a code if a developer were to distribute the code with a specific input and set of random numbers. The temptation to cherry pick results would be too high. For security purposes, where a one-time-pad approach is ideal, a truly random number is fine.

I don't particularly buy the authors approach though, because semiconductor physics is full of things that seem random at the moment, but then turn out to be entirely predictable once a suitable model is found. Sun Microsystems found this out years ago when they tried to base a random number generator based on the rate of soft failures from memory chips. They were using Boron as a dopant, which has a high probability of absorbing neutrons and decays with an alpha particle (He +2 atom), causing a hardware error. They claimed they had a perfect random number generator until they saw that the randomness was dependent on the location of the chips. Denver has more cosmic radiation than Miami, thus the randomness was actually Poisson (as are most things nuclear). The method was thus vulnerable to an attack based on the mean number of failures, which could be determined by knowing the physical location of the device.

Re:reproducibility

[Simetrical]

Horses for courses. If you want reproducible, you don't want true random. If you want security, you do.

For security, it depends. Cryptography requires some truly random numbers, typically, but pseudo-random number generators are often used as well. For example, you can construct a stream cipher from a pseudo-random number generator by using the pseudorandom stream as an infinite-length one-time pad, with both parties using the same (secret) seed. If the pseudorandom number generator is secure, the resulting stream cipher is provably secure as well (for some definitions of secure). This doesn't work if the stream is truly random.

This Is What's Wrong With Slashdot

[BitHive]

A comment containing absolutely nothing but handwaving conjecture is moderated "Interesting". Thousands of dilletantes stroke their neckbeards in contemplation. Hmmmmm, yes, what if that thing you said?

Re:This Is What's Wrong With Slashdot

[interkin3tic]

A comment containing absolutely nothing but handwaving conjecture is moderated "Interesting".

I often find conjecture to be more interesting than dull facts. GP was a good example, I personally find the mechanics of the random number generator to be boring. "It might be non-random but beyond our current prediction methods" is more interesting.

Also... hi, you're on the internet. What the hell did you expect?

Re:This Is What's Wrong With Slashdot

[lena_10326]

Admit it. You wanted the mod points.. didn't ya?

Re:This Is What's Wrong With Slashdot

[NeoSkandranon]

They all SAY that. most probably it has all the delicacy of the bristles on a hippo's ass.

Re:This Is What's Wrong With Slashdot

[Tetsujin]

Would you prefer tits or GTFO?

I'd prefer tits.

Re:This Is What's Wrong With Slashdot

[cxx]

Don't worry ... mod points are distributed randomly.

Random numbers

[Barlo_Mung_42]

9...9...9...9...9...9

Re:Random numbers

[Dwedit]

int getRandomNumber()
{
        return 4; // chosen by fair dice roll. // guaranteed to be random.
}
Thanks, XKCD

And random the day after that.

[overshoot]

I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?

No, it's based on thermal noise. It truly is random, but bear in mind that there's a bias to each bit that has to be compensated out.

Metastable Flip flops still have bias

[wiredlogic]

There is no way they can prove that these flip flops don't have bias one way or the other. Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations. This makes it impossible to create a perfect Gaussian metastability function or to place a device at the apex of that function such that the probability is 50/50 of switching to 1 or 0. Hence, you will not achieve truly random results. Metastability is also affected by the power supply voltage and current. A cryptographic device employing this technique could be subject to attack by lowering or modulating the power supply in such a way as to create predictable "random" numbers. i.e. make sure all the flip-flops transition to 1 or 0.

Re:Metastable Flip flops still have bias

[rkit]

A cryptographic device might perform online statistical checks to detect this kind of tampering.

Re:Metastable Flip flops still have bias

[ooooli]

You're confusing Shannon entropy and true randomness. If you have a string of bits that are created by a process that is truly random but has a bias, it's easy to transform it into an unbiased (but shorter) string.

The problem with pseudo-random generators is that they're really not random at all: They're determinstic functions that map a seed onto a sequence of random bits. If you know the function and the seed, you can predict all of it, which leads to potential vulnerabilityies. The point of truly random numbers is that there's no possible information you could have that would enable you to predict it.

Re:Metastable Flip flops still have bias

[tigre]

As pointed out elsewhere, 50/50 split is not so important, since that just impacts the % distribution of outcomes and can be corrected for. However, acheiving metastability without bias from the previous stable state is tricky, and as you mentioned tricks with the power supplies can make a huge difference.

Re:Metastable Flip flops still have bias

[Alef]

Hardware random number generators are often biased, and there are well known ways to deal with that. (See for example Wikipedia.)

Re:Metastable Flip flops still have bias

[deander2]

a bias wouldn't matter. simply use it as a seed into a fully generative cyclical group with a flat output distribution. (for example, any good hash function)

Re:Metastable Flip flops still have bias

[TechyImmigrant]

Read NIST SP800-90. It shows the way.

Re:meh, Schrödingers bit

[93,000]

No kidding - life was simpler back then.

Stupid P.E.T.A.

Re:Why not use the ultimate random number generato

[BarryJacobsen]

So your suggestion is to generate a random with a random? How do you get the random slashdot thread?

From the previous random, duh!

Taken to the next level:

[jwietelmann]

Here is a slightly-absurd-but-awesomme dice rolling machine.

Re:Taken to the next level:

[rainmayun]

Thanks, that occupied a good 15 minutes out of my work day.

Re:Taken to the next level:

[Tim+C]

As I promised earlier, if you donate to the site and are unhappy about the rolls, let me know and I will pull a die out of the machine, melt it flat and mail it to you, as an object lesson to the other dice. Tangible revenge.

Twisted; I like it.

Ratio sensitivity

[overshoot]

Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations.

That's one problem it won't have, since the initial condition is at the balance point of P vs. N. The bias would show up in the curvature of the gain function around the bias point. It's not a large bias, and it's likely to vary from one device to the next -- so the prudent designer would have to correct for each bit's history. Still, thermal noise is easier to work with than radioactive decay.

Re:Uhm

[JesseL]

http://en.wikipedia.org/wiki/Entropy_(information_theory)

Re:meh, Schrödingers bit

[Dunbal]

The only problem with the cat was they have 9 lives. No wonder we always kept getting live cats when we opened the box.

Somebody should name a law after this phenomenon

[Man+On+Pink+Corner]

Every x years, someone will find and publish a way to cure cancer... in mice.

Every y years, someone will invent and publish a way to treat phase velocity as if it were group velocity.

Every z years, someone will discover and publish a way to use metastable flip-flops to produce random numbers.

Link to actual paper

[scovetta]

http://pv.fernuni-hagen.de/docs/fechnerb_attack.pdf

Re:Obligatory TheDailyWTF

[danlip]

Obilgatory TheDailyWTF

Weather...

[BattleApple]

Weather forecasters [...] also use random numbers

Here in New England, it sure seems like they already pick the next forecast out of a hat.. I think more randomness may actually make the forecasts more accurate

Re:Or just flip a coin

[RAMMS+EIN]

Actually, I've heard on the radio that some researchers (didn't catch their names) have recently demonstrated that the probability of the coin landing with in the same orientation it started with is slightly higher than the probability of landing the other way. And you can train yourself to influence the probability. So 50/50 ... probably close, but not necessarily, and definitely not for every coin and every person.

Ask Slashdot

[michaelmalak]

20 times more random? how measurable is that?

I think we finally have the answer to Friday's Ask Slashdot.

I always just used a Geiger Counter....

[Hasai]

....wired to a serial port. Worked fine.

Re:Uhm

[jeffmeden]

Randomness, put simply, is the degrees of separation from which a given stream resembles Shakespeare. Or, if you prefer the top-down approach, the degrees it is separated from the plaintext output of a million monkeys at a million typewriters.

This is new?

[russotto]

Logic elements being in non-deterministic states is not new. In fact, often enough considerable effort must be spent to make sure they _don't_ go into nondeterministic states. And some troll Phillips has actually already patented this, in 2003 (6631390).

A caveat is that such non-deterministic states are often not completely random; they're influenced by such things as the previous value of the flip-flop, variations in the power supply, the state of nearby circuits, etc.

Re:Uhm

[TechyImmigrant]

I detect BS.

1 flip flop in a metastable state can produce at most 1 bit of entropy.

1 flip flip in a metastable state tends to produce in excess of 0.5 bits of entropy. It depends on many things, but done properly a normal circuit of this type wouldn't be producing anything nearly as small one 20th of a bit of entropy per flip flop.

The gains from combining an array of 20 flip flops to produce one really good entropic bit will only asymptotically take the randomness towards 1 bit per bit.

  TFA doesn't cite references, so it's hard to go and check.

Re:That's Cheating!!

[meuhlavache]

Exact, random don't exist.

When you throw the dice we can guess the number that will appear with : their original position, the movement of the hand, how fast they throw, the speed of wind [...] but true random is a lie !

Re:Or just flip a coin

[MasseKid]

Assuming this is true, unless you actually know if you are a "head flipper" or a "tail flipper" (assuming of course you allways start with the same orientation) as long as the distribution of "head and tail flippers" is the same, the randomness of a random person flipping a coin stays intact.

So...

[SnarfQuest]

This is where all those scratch monkeys went.

Good for cryptography, bad for statistics

[EdgeyEdgey]

TFA gives an example "Such simulations can test theories of hurricane formation, climate change, and the spread of disease epidemics, for instance." Which required repeatable random numbers.
For cryptography its fine though.

Re:Thls is a ranclom cornmenf

[Tetsujin]

Personally I like what I call "dice random" where there IS the possibility that you can roll the same number an infinite amount of times in a row.

Okay, I want all 1's, an infinite number of times in a row.

Probability of one 1: 1/6. Okay
Probability of n 1's: (1/6)^n. Okay
lim((1/6)^n) as n->infinity: 0. Wait, I thought you said there was a chance this could work!

Well, it isn't zero, it just approaches zero. Never actually gets there...

Probability of rolling a 1 on a single roll: 1/6
Probability of (n+1) 1's in a row: (probability of (n) 1's) * 1/6

No matter how many times you apply the inductive step, the result is greater than zero...

P.S. Who supplies your dice that can survive an infinite number of rolls? You could make a killing selling those to casinos. Once, anyhow.

Surviving an infinite number of rolls is not the problem... The real problem is that if you've got, say, a D20, and you get it to roll a 1 a large number of times, the ones will have all been rolled out. After that it'll have a hard time producing more 1's.

Re:Sexist and agist

[gestalt_n_pepper]

Humor. It's a concept.

FYI, 52 year old male. Software developer. Intermittently Incompetent. Or is that Mittently competent? Dammit, now I'm confused again.

That must mean...

[DJCouchyCouch]

They've developed 30-sided die?

Whatever it is - you need Dice-O-Matic

[peterofoz]

This 7 ft tall automatic dice roller reads the rolls with a camera and laptop and serves them for game play. http://gizmodo.com/5270195/automatic-dice-machine-records-13-million-rolls-a-day

Re:That's Cheating!!

[Fnord666]

When you throw the dice we can guess the number that will appear with : their original position, the movement of the hand, how fast they throw, the speed of wind [...] but true random is a lie !

When the degree of accuracy needed to determine position, motion, etc. go below the Planck length, it is no longer possible to make such predictions. In other words, for a sufficiently chaotic system true randomness does exist.

It's like "In Soviet Russia..."

[mister_playboy]

There is an attempt on /. to make a meme out of complaints in the form of "As a $X year old lesbian/feminist grandmother and $Y programmer of $Z years, I find this offensive".

Grandparent post is just trolling.

Re:It's like "In Soviet Russia..."

[gestalt_n_pepper]

Missed that one. I tend to stick to Cowboy Neal.

Now, all of you, GET OFF MY LAWN!

Re:It's like "In Soviet Russia..."

[stinkytoe]

I tend to stick to Cowboy Neal.

This encourages a mental image that i would rather not have.

Looks way too "classical physics" style.

[Hurricane78]

I would like to see a quantum physics approach to this. You know, acknowledging probabilities in measurements, quantization of state, etc.

Sounds Sophisticated--or not really random.

[bill_kress]

As I understand it, the only truly random things in our universe involve some kind of quantum interaction--everything else is a reaction to something else.

But on the bright side, if they supplied a large number of quantum elements, they could always keep the other half "in-house" so they'd know when you'd used them all and needed more bits...

This whole quantum thing confuses me.

Re:Thls is a ranclom cornmenf

[FST777]

It isn't infinite, it just approaches infinite. The changes that you roll 1 an infinite number of times (as great-grandparent stated) is effectively zero. You'll never throw the dice that often, and even if you do, it will never, ever be all 1's.

Re:Somebody should name a law after this phenomeno

[tjb]

Every y years, someone will invent and publish a way to treat phase velocity as if it were group velocity.

Isn't this what a time-domain equalizer does? (if imperfectly due to finite delay in any useful implementation)

Re:Somebody should name a law after this phenomeno

[Man+On+Pink+Corner]

Mostly it pops up when someone is convinced they've found a way to transmit information faster than c.

Re:Thls is a ranclom cornmenf

[Ambiguous+Coward]

The real problem is that if you've got, say, a D20, and you get it to roll a 1 a large number of times, the ones will have all been rolled out. After that it'll have a hard time producing more 1's.

Fact!

Re:Sexist and agist

[MillionthMonkey]

Why is it always the grandmother and not the grandfather that is considered the most incompetent?

It's payback for all the TV commercials with people from later generations, where the incompetent guy always has to get schooled by his more intelligent wife. In reality all the smart wives are feminist C programmers but the commercials don't get into that.

And why older people?

As someone who is aging himself, I find this rather obvious.

Slashdot is home to some of the most racist techies.

You just shot yourself in the foot there, Mrs. C. Sexist and ageist I can believe, but not racist, unless people are keeping it to themselves. (Except for a couple null-pointer morons who paste racist, "N-word" laced shit as a FP and get modded down to hell.)

Aw heck I got an easier method

[al0ha]

sample the last n number of twits on Twitter at any given second. That is true randomness for sure.

Re:Aw heck I got an easier method

[al0ha]

Agh just realized I have to please the trolls - my suggestion is merely a pointer to a concept, not the implementation, one would not actually use only the count of twits at any given second.

have another one...

[kikito]

return 4

Redeeculous.

[Ancient_Hacker]

We have perfectly good physical random-number generators -- your basic Boltzmann (Johnson) thermal noise is just the ticket. Hook any resistor above absolute zero to a A/D converter and you have a few microvlots of random noise-- after an A/D converter, a nice stream of random numbers. Well, not quite, A/D converters are less than perfect, so you'll just get semi-random numbers with a slight bias towards the A/D converter's nonlinearities. But pretty darn good.

If that's too weal a signal, you can avalanche a diode and get VOLTS of noise. ... or you could metastable some flip/flops.... but if you do you'll get HORRIBLE random numbers, as the metastable state amplifies and unbalances in the flip/flops. i.e. if one flip flop has one microvolt of unbalance towards the "1" state, the unbalance increases exponentially in just a few nanoseconds, making it most likely it will go into the "1" state solidly a very high percent of the time..

Stick to Johnson (resistor) noise, avalanche diodes, or even beta emitters. Forgit the metastable flippers.

Re:That's Cheating!!

[meuhlavache]

for a sufficiently chaotic system true randomness does exist.

Chaos is based on this theory : Small differences in initial conditions (such as those due to rounding errors in numerical computation) yield widely diverging outcomes for chaotic systems, rendering long-term prediction impossible in general.

This theory is really interesting but, in this case, you believe in "impossible" ? Near-to-infinite number of conditions mean they are predictable, they just immeasurably hard to predict.

I'm not a specialized in this kind of brain's food, maybe you got some reading for me to show me where I'm wrong.

A simple Circuit Really

[Gim+Tom]

A very simple circuit of properly biased IF-MAYBE gates in a feedback loop with OCCASIONALLY-PERHAPS registers will produce an infinite string of perfectly random bits which can then be sampled to give perfect random numbers. I would swear that every computer I have worked on (going back to a PDP-8i) has had one or more of these somewhere -- undocumented of course...

RANDOM.ORG

[rbannon]

RANDOM.ORG offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. People use RANDOM.ORG for holding drawings, lotteries and sweepstakes, to drive games and gambling sites, for scientific applications and for art and music. The service has existed since 1998 and was built and is being operated by Mads Haahr of the School of Computer Science and Statistics at Trinity College, Dublin in Ireland.

http://www.random.org/

Re:That's Cheating!!

[meuhlavache]

Near-to-infinite number of conditions mean they are predictable, they just immeasurably hard to predict.

Just a little fix : I mean small differences cause yield widely diverging outcomes, but "yield widely diverging outcomes" is predictable !

Planck length : Because of the tininess of the Planck length (about 1020 times smaller than the diameter of a proton) there is no hope of directly probing this length scale in the foreseeable future.

If something goes below Planck length, it's not predictable because it disapear (simplfication) ?
Things are (probably) predictable. I talk about an hypothetical situation, nothing provable as is, but it's not impossible.

Does it really matter??

[brunes69]

How many times have you ever heard of a cracker breaking a system nowadays because the RNG was not sufficiently random???

Yes i know there have been instances where a crack was due to TOTAL LACK of an RNG (as in, the RNG was not implemented properly), but due to a properly implemented RNG with just a lack of entropy? Not that I recall.

I guess I don't get why there is a market large enough for this to warrant the research. There are several hardware-based RNGs that guarantee as close to "true randomness" as is possible by modern physics, and if you wanted true randomness, you would use one of those, not this half measure.

For me, my /dev/random based off my network traffic and mouse and keyboard and HD is good enough, thanks. Color me unconcerned.

Obligatory

[alexo]

From the era when Dilbert was funny.

Unnecessary for most purposes...

[SETIGuy]

There are already plenty of entropy sources on a typical PC, and the need for cryptographic strength randomness is rare enough that we can accumulate entropy without adding more hardware. We've already got timer chips, real time clocks, CPU cycle and instruction counters, mouse positions, graphics memory, audio inputs, accelerometers, rotation rate sensors on fans, temperature sensors on CPUs, motherboards, and disk drives, all the SMART data on the drives, packet checksums, and we currently aren't even using most of those. If you want to add entropy accumulators, use the ones we already have first. If they're not enough, it's fairly easy to add a white noise generator to your audio input. Plug in a radio tuned to static. Or even tuned to a station. It doesn't matter. Either has plenty of entropy. The sensors chip on my motherboard generates about 31 bits of entropy per read (probably due to spikes and sags on the power supply voltages) when read at 1 Hz. A drive's SMART data is probably good for a couple bits per second.

And how exactly is a metastable multivibrator a new thing anyway?

Re:Somebody should name a law after this phenomeno

[godrik]

Mostly it pops up when someone is convinced they've found a way to transmit information faster than c.

C is fast but go to assembly for real speed !

PS: I know c stands for celerity in your post.

SImple, good RNG

[dannycim]

I made a pretty darn good rng a while ago. Simply have three independent white noise generators made with two transistors and an op-amp each. The noise is generated by a transistor going into avalanche mode, and that's basically influenced by quantum states. The problem with using just one is that its output isn't 50/50. So you XOR two. You can stop there but if you're really paranoid, use a third to clock a latch so you can't event predict when the random bit changes. All in all the whole circuit fit in a box smaller about 2" x 3" x 1".

http://en.wikipedia.org/wiki/Diehard_tests were quite happy with the output.

With /dev/random & urandom, I don't care about it anymore.

20 Times more random?

[nanospook]

Can you really measure randomness?

Re:Thls is a ranclom cornmenf

[Tetsujin]

You'll never throw the dice that often, and even if you do, it will never, ever be all 1's.

Hey, every time I throw an infinite number of consecutive dice rolls, it has just as much a chance of rolling all ones as it does of rolling any other sequence...

Re:Thls is a ranclom cornmenf

[rjforster]

> Surviving an infinite number of rolls is not the problem... The real problem is that if you've got, say, a D20, and you get it to roll a 1 a large number of times, the ones will have all been rolled out. After that it'll have a hard time producing more 1's.

You havn't met my dice then have you. I swear the thinkgeek t-shirt spies have been watching my Tuesday night games.

Re:Or just flip a coin

[preda1or]

It was Persi Diaconis, Professor of Statistics at Stanford University.
Read the report here: http://news.stanford.edu/news/2004/june9/diaconis-69.html

Re:ThIS IS a rAndom COmMent 2

[retchdog]

Uh, chill out and get out of your basement.