Truly random

Elizabeth holding 5uCi of Cs-137

The lack of sufficient entropy is the Achilles Heel of cryptography and anyone who considers arithmetical methods of random sequence generation is, of course, in a state of sin. (D. Knuth, The Art of Computer Programming: Volume 2, Seminumerical Algorithms, 2nd edition, Addison-Wesley, 1981.) With a tip of the hat to Bruce Schneier:

Random sequence generators [in any modern computer] are not random because they don't have to be. Most simple applications, like computer games, need so few random numbers that they hardly notice. However, cryptography is extremely sensitive to the properties of random number generators. Use a poor random sequence generator and you start getting weird correlations and strange results. (S. K. Park and K. W. Miller, "Random Number Generators: Good Ones Are Hard to Find," Communications of the ACM, v. 31, n. 10, Oct 1988, pp. 1192-1201. I. Peterson, "Monte Carlo Physics: A Cautionary Lesson," Science News, v. 142, n. 25, 19 Dec 1992, p. 422.) If security depends on your random number generator, weird correlations and strange results are the last things you want.

The problem is that a random number generator doesn't produce a random sequence. It probably doesn't produce anything that looks even remotely like a random sequence. Of course, it is impossible to produce something truly random on a computer. Knuth quotes John von Neumann as saying: "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." (Knuth, The Art of Computer Programming: Volume 2, Seminumerical Algorithms, 2nd edition, Addison-Wesley, 1981.) Computers are deterministic beasts: stuff goes in one end, completely predictable operations occur inside, and different stuff comes out the other end. Put the same stuff in on two separate occasions and the same stuff comes out both times. Put the same stuff into two identical computers, and the same stuff comes out of both of them. There are only a finite number of states in which a computer can exist (a [very] large finite number, but a finite number nonetheless), and the stuff that comes out will always be a deterministic function of the stuff that went in and the computer's current state. That means any random sequence generator on a computer (at least, on a Turing machine) is, by definition, periodic. Anything that is periodic is, by definition, predictable. And, if something is predictable, it can't be random. A true random sequence generator requires some random input; a computer can't provide that.


But, a computer accessory can. The only source of "True Randomness" that physicists and other scientists universally agree on is nuclear decay.

UPDATE: SparkFun is now selling this item.

So, we take a little radioactive nuclear waste. (Just about anything will do, the cheaper and hotter the better.) Encase it and a Geiger-Müller tube in epoxy. Add a power supply, a time base (which need not be very good) and a counter (like gumstix). Mix in LinuxCNC and a simple program. Presto! Entropy!
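A sketch of what the "simple program" could look like, as an added example rather than the page's own code: it turns Geiger pulse timestamps from the counter into bits by comparing pairs of inter-pulse intervals. The interval-comparison method, the function names `bits_from_pulses` and `pack_bytes`, and the simulated pulse times in the demo are all assumptions.

```python
import random  # used ONLY to construct sample pulse times for the demo below


def bits_from_pulses(ticks):
    """Convert Geiger pulse timestamps (free-running counter ticks) to bits.

    Assumed method: take pulses four at a time and compare the interval
    between the first pair with the interval between the second pair. The
    sense of the comparison alternates per bit so a systematic skew (a slowly
    decaying source, a drifting time base) does not bias the output.
    """
    bits, flip = [], 0
    for i in range(0, len(ticks) - 3, 4):
        t0, t1, t2, t3 = ticks[i:i + 4]
        if not t0 < t1 < t2 < t3:
            raise ValueError("timestamps not strictly increasing at index %d" % i)
        a, b = t1 - t0, t3 - t2
        if a == b:
            continue  # tie: counter resolution too coarse to decide, discard
        bits.append((1 if a > b else 0) ^ flip)
        flip ^= 1
    return bits


def pack_bytes(bits):
    """Pack bits MSB-first into bytes, dropping an incomplete trailing group."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    # Constructed input: simulated Poisson arrivals at ~100 counts/s on a
    # 1 MHz counter. A real run would read the ticks from the counter hardware.
    rng, t, ticks = random.Random(1), 0, []
    for _ in range(4000):
        t += int(rng.expovariate(100.0) * 1_000_000) + 1
        ticks.append(t)
    bits = bits_from_pulses(ticks)
    pad = pack_bytes(bits)
    print(len(bits), "bits,", sum(bits) / len(bits), "fraction of ones")
    print(pad[:16].hex())
```

Only the relative length of two intervals matters, so the time base needs to be stable over a few pulses, not accurate, which is why it "need not be very good".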

One-time pad generator

License

This document is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License (cc-by-sa).

