New Method for Random Number Generation Developed

Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."

generation of random numbers

the generation of random number is too important to be left to chance.

Re:generation of random numbers

[harlows_monkeys]

Unless you are Robert R. Coveyou, you should have attributed that.

XKCD Bait

[jgtg32a]

Lets play a game, what XKCD am I thinking of?

obligatory xkcd

[fuo]

always been one of my favorites... http://xkcd.org/221/

What is "more random"?

[onionman]

From TFA:

The team adds that the efforts of a cracker attempting to influence the array will be wholly obvious to a simple statistical analysis as -- depending on the type of attack -- either the whole array or single elements will be disturbed, whereas these are again selected randomly. So this true random number generator can protect systems against third-party snooping, potentially making private and sensitive transactions on the Internet more secure.

Now I'm really skeptical. A cracker who is able to "influence" the array might be able to influence it with a pseudorandom number generator that he/she can predict.

I think that hardware based RNGs, such as those detecting radioactive isotope decay, have been around for a while. I'm not sure how this one can provide more security, especially if the attacker has access to the hardware. I think that most gate transition thresholds can be influence by simple things like temperature anyway.

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

Re:What is "more random"?

[joggle]

In Numerical Recipes for C they list several benchmarks for determining how good one random number generator is compared to another (based on various statistics measures) so it certainly is possible for one method to be more random than another. Read chapter 7 of that book for all the details you could possibly want on this subject (with references to even more information).

One way of generating a good random number in Linux is using /dev/random (which uses a hardware-based random signal as its source, I don't recall the details). However, it isn't fast enough for most applications, outputting only a few bytes per second of random information, although it can serve as a useful seed for other random number generators. Just run 'cat /dev/random > random_bytes.bin' to see its output.

I'm curious what rate random information can be generated using the method in the article. I'm presuming it's fast enough that an application could rely solely on this data without having to use it as a seed for a pseudo-random number generator. The question is how long does it take for the hardware to get to the state where its next value is unpredictable--in the case of /dev/random it's relatively long.

Re:This is a random comment.

[TheCarp]

Still? Damn, my mother can't even do that anymore. I don't even want to think about my 87 year old grandmother giving it a try.

Re:WiFi

[DoofusOfDeath]

I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

Brilliant! Just assign a bit based on whether or not it works in a given Ubuntu release!

Re:This is a random comment.

[Martin+Blank]

You bring this up as a humor point, but it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. For example, if a 4-digit pre-generated PIN is not allowed to use certain sequence types such as sequential, all the same, paired pairs, etc., it may take a fair slice out of the available keyspace (not sure that's the right word, but it's close enough), at least enough to narrow down the ambiguity in case some hints about the PIN are known by an attacker.

It's less of a problem with longer passwords, as the maximum entropy for a given entry expands while patterns take smaller bites out the available space, but it does reduce the possible entropy slightly.

It also reminds me of a Dilbert strip where he visits the accounting trolls, and they take him to their random number generator, which is another troll saying, "9... 9... 9... 9..." Dilbert asks if it's really random, and the first troll says, "That's the problem with randomness: you never really know."

Re:20 times more random?

[TheCarp]

Actually Bruce only has a 50% chance of getting the answer in 0.019 seconds. Chuck Norris however just hits the researcher with a round house so hard that his grandmother spits out the answer, 100% of the time.

Taken to the next level:

[jwietelmann]

Here is a slightly-absurd-but-awesomme dice rolling machine.

Re:Random today, but still random tomorrow?

[Dancindan84]

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC.

To understand recursion one must first understand recursion.

Re:Or just flip a coin

[RAMMS+EIN]

Actually, I've heard on the radio that some researchers (didn't catch their names) have recently demonstrated that the probability of the coin landing with in the same orientation it started with is slightly higher than the probability of landing the other way. And you can train yourself to influence the probability. So 50/50 ... probably close, but not necessarily, and definitely not for every coin and every person.

Re:This is a random comment.

[Kozz]

Indeed. I listened to a podcast a while back in which Robert Krulwich (RadioLab?) discussed randomness with a researcher and how we think about randomness.

A scientist he interviewed stated that she assigned tasks to several different teams. For one team, she instructed them to flip a coin some fixed number of times (perhaps 100) and to then report the sequence of heads and tails (H H T H T T H T T T etc). For the second team, she instructed them to NOT flip a coin, but to simply write down a sequence that they think might be produced by the flipping of the coin. The teams each present their report, and she is not told which list was generated by which means.

However, she said it was easy to spot the "human" generated list, because it rarely contained a sequence of more than a few sequential entries of H H H H, for example. Whereas the truly random list might have even up to NINE sequential heads or tails. The average human just couldn't fathom such a "random" sequence [mathematicians excluded, naturally].

Re:Metastable Flip flops still have bias

[ooooli]

You're confusing Shannon entropy and true randomness. If you have a string of bits that are created by a process that is truly random but has a bias, it's easy to transform it into an unbiased (but shorter) string.

The problem with pseudo-random generators is that they're really not random at all: They're determinstic functions that map a seed onto a sequence of random bits. If you know the function and the seed, you can predict all of it, which leads to potential vulnerabilityies. The point of truly random numbers is that there's no possible information you could have that would enable you to predict it.

Re:WiFi

[omuls+are+tasty]

How is an infinite stream of 0s random?

Re:This is a random comment.

[nabsltd]

2 to the 9'th is 256, so most random sequences would not have had 9 sequential results in a row.

In a world where 2^9 = 256, absolutely anything can happen.