its very random

© All Rights Reserved

10 views

its very random

© All Rights Reserved

- Key Generation For AES Using Bio-Metic Finger Print For Network Data Security
- Random
- Imbricate Cryptography
- Answer Tut10
- U0210180190.pdf
- Distributed Data Into Deduplication System With Security To Improve Reliability
- cryptography_tutorial.pdf
- Security issue and Cryptography in Cloud Computing
- John Hill Garments
- IntroductionToCryptography.ppt
- Java Security 4
- Multiple Disc
- simulacin
- 600_076
- Time Interval Maximum Entropy Based Event Indexing in Soccer Video
- el-gamal
- No of Flips for First Head
- Ch017tn Sm
- A SURVEY ON SECURE DEDUPLICATION SCHEMES.
- V3I2201419-libre

You are on page 1of 4

Mads Haahr

June 1999

Background

Oh, many a shaft at random sent

Finds mark the archer little meant!

And many a word at random spoken

May soothe, or wound, a heart thats broken!

Sir Walter Scott

Randomness and random numbers have traditionally been used for a variety of purposes, for example games such as dice games. With the advent of computers, people recognized the need for a

means of introducing randomness into a computer program. Surprising as it may seem, however,

it is difficult to get a computer to do something by chance. A computer running a program follows

its instructions blindly and is therefore completely predictable.

Computer engineers chose to introduce randomness into computers in the form of pseudorandom number generators. As the name suggests, pseudo-random numbers are not truly random.

Rather, they are computed from a mathematical formula or simply taken from a precalculated

list. A lot of research has gone into pseudo-random number theory and modern algorithms for

generating them are so good that the numbers look exactly like they were really random. Pseudorandom numbers have the characteristic that they are predictable, meaning they can be predicted

if you know where in the sequence the first number is taken from. For some purposes, predictability

is a good characteristic, for others it is not.

Random numbers are used for computer games but they are also used on a more serious scale

for the generation of cryptographic keys and for some classes of scientific experiments. For scientific

experiments, it is convenient that a series of random numbers can be replayed for use in several

experiments, and pseudo-random numbers are well suited for this purpose. For cryptographic use,

however, it is important that the numbers used to generate keys are not just seemingly random;

they must be truly unpredictable.

This vignette for the R package random is a transcribed version of the original essay by Mads Haahr that was

published in 1999 and is still available at http://random.org/essay.html. Hyperlinks from the original html document are also present in the pdf version. All errors introduced in the transformation from html to LATEX are solely

the responsibility of the R package maintainer, Dirk Eddelbuettel.

It is impossible to predict the unpredictable.

Don Cherry

Cryptographic algorithms come in a variety of flavors. Some are strong (meaning difficult to crack)

but make substantial demands to processing power and key management. Others are weak (meaning

easier to crack) but generally less demanding and therefore better suited for some applications. All

strong cryptography requires true random numbers to generate keys, but how many depends on

the encryption scheme. The strongest possible method, One Time Pad (OTP for short) encryption,

is the most demanding of all; it requires as many random bits as there are bits of information to

be encrypted.

True random numbers are typically generated by sampling and processing a source of entropy

outside the computer. A source of entropy can be very simple, like the little variations in somebodys

mouse movements or in the amount of time between keystrokes. In practice, however, it can be

tricky to use user input as a source of entropy. Keystrokes, for example, are often buffered by the

computers operating system, meaning that several keystrokes are collected before they are sent to

the program waiting for them. To the program, it will seem as though the keys were pressed almost

simultaneously.

A really good source of entropy is a radioactive source. The points in time at which a radioactive

source decays are completely unpredictable, and can be sampled and fed into a computer, avoiding

any buffering mechanisms in the operating system. In fact, this is what the HotBits people at

Fourmilab in Switzerland are doing. Another source of entropy could be atmospheric noise from a

radio, like that used here at random.org, or even just background noise from an office or laboratory.

The lavarand people at Silicon Graphics have been clever enough to use lava lamps to generate

random numbers, so their entropy source not only gives them entropy, it also looks good! The

latest random number generator to come online (both lavarand and HotBits precede random.org)

is Damon Hart-Davis Java EntropyPool which gathers random bits from a variety of sources

including HotBits and random.org, but also from web page hits received by the EntropyPools web

server.

Random.org

This is the third time; I hope good luck lies in odd numbers....

There is divinity in odd numbers, either in nativity, chance, or death.

William Shakespeare

The idea of using atmospheric noise to generate random numbers came up when some friends

and I were building a prototype of an online gambling system. Using noise in this way isnt a

particularly original idea, though. Other people thought of it before us, and as mentioned above,

there are already several public random number services out there, some of which use more advanced

methods. So, why yet another? The most important reason is because it was fun to make. The

second most important reason is that existing services are mostly for educative purposes and for

fun! I hope random.org will prove itself informative and fun but also useful for certain (non-critical)

applications that need random numbers. Random.org is the only service I know of which offers a

large (16K) block of numbers at once and which has a CORBA interface.

2

The way the random.org random number generator works is quite simple. A radio is tuned into

a frequency where nobody is broadcasting. The atmospheric noise picked up by the receiver is fed

into a Sun SPARC workstation through the microphone port where it is sampled by a program

as an eight bit mono signal at a frequency of 8KHz. The upper seven bits of each sample are

discarded immediately and the remaining bits are gathered and turned into a stream of bits with

a high content of entropy. Skew correction is performed on the bit stream, in order to ensure that

there is an approximately even distribution of 0s and 1s.

The skew correction algorithm used is based on transition mapping. Bits are read two at a

time, and if there is a transition between values (the bits are 01 or 10) one of them - say the first is passed on as random. If there is no transition (the bits are 00 or 11), the bits are discarded and

the next two are read. This simple algorithm was originally due to Von Neumann and completely

eliminates any bias towards 0 or 1 in the data. It is only one of several ways of performing skew

correction, though, and has a number of drawbacks. First, it takes an indeterminate number of

input bits. Second, it is quite inefficient, resulting in the loss of 75% of the data, even when the bit

stream is already unbiased. RFC1750 discusses skew correction in general and lists this method as

well as three others. Paul Crowley discusses skew correction for use with Geiger counters and also

maintains a page with implementations of a number of skew correction algorithms.

Statistics

There are three kinds of lies: lies, damn lies, and statistics.

-Benjamin Disraeli

The quality of random numbers can be measured in a variety of ways. One common method is to

compute the information density, or entropy, in a series of numbers. The higher the entropy in a

series of numbers is, the more difficult it is to predict a given number on the basis of the preceding

numbers in the series. A sequence of good random numbers will have a high level of entropy,

although a high level of entropy does not guarantee randomness. (As an example, a file compressed

with a software compressor such as gzip or winzip has a high level of entropy, but the data is highly

structured and therefore not random.) Hence, for a thorough test of a random number generator,

computing the level of entropy in the numbers alone is not enough.

A number of basic tests, such as the entropy test described above, were implemented by John

Walker from Fourmilab in form of his ent program. Here is what Johns program said about one

megabyte of numbers from random.org:

Entropy = 7.999805 bits per character.

Optimum compression would reduce the size

of this 1048576 character file by 0 percent.

Chi square distribution for 1048576 samples is 283.61, and randomly

would exceed this value 25.00 percent of the times.

Arithmetic mean value of data bytes is 127.46 (127.5 = random).

Monte Carlo value for PI is 3.138961792 (error 0.08 percent).

Serial correlation coefficient is 0.000417 (totally uncorrelated = 0.0).

3

Johns documentation for the ent program contains detailed explanations of each test, but they

generally show the random.org numbers to be quite good. The Chi Square test is probably the

most commonly used test for randomness, and numbers pass this test if the percentage figure falls

between 10% and 90%. Every single number generated at random.org is subjected to John Walkers

tests and the results are logged. The last twenty log entries at any time can be seen on the online

statistics page.

There are also other test suites for testing the quality of random numbers. A popular one is

the Diehard program by George Marsaglia. Unfortunately, this test suite seems not to have been

maintained for the last few years.

In April 2001, Louise Foley, a student of statistics at Trinity College, Dublin submitted a

comprehensive analysis of random.orgs numbers as her final year project. As part of the project,

Louise identified and implemented a series of five tests particularly suitable for true random numbers

and compared the quality of the numbers generated at random.org with those generated by Silicon

Graphics lavarand generator. Both generators passed the tests. Louises report is available online.

The Cryptography FAQ is a good introduction to cryptography.

RFC1750 discusses randomness for computer security purposes.

The Snake Oil FAQ warns that crypto software varies a great deal in quality and gives

guidelines as how to judge a given product.

True Random Numbers contains a review of several commercial hardware devices for true

random number generation.

Randomness for Crypto contains a large selection of links to online articles on randomness.

- Key Generation For AES Using Bio-Metic Finger Print For Network Data SecurityUploaded byijcsis
- RandomUploaded byJerry Galle
- Imbricate CryptographyUploaded bydurgeshpatil
- Answer Tut10Uploaded byAyrton Widiutomo
- U0210180190.pdfUploaded byAJER JOURNAL
- Distributed Data Into Deduplication System With Security To Improve ReliabilityUploaded byIJSTE
- cryptography_tutorial.pdfUploaded bysvd
- Security issue and Cryptography in Cloud ComputingUploaded byInternational Journal Of Emerging Technology and Computer Science
- John Hill GarmentsUploaded bySourav Roy
- IntroductionToCryptography.pptUploaded bySubburam Sivakumar
- Java Security 4Uploaded byPradeep Navalgi
- Multiple DiscUploaded bykerplah218
- simulacinUploaded byCristobal Coloriano
- 600_076Uploaded byoptisearch
- Time Interval Maximum Entropy Based Event Indexing in Soccer VideoUploaded byramalakshmiece
- el-gamalUploaded byvijayaraghavn
- No of Flips for First HeadUploaded byNitin Chauhan
- Ch017tn SmUploaded byAlejandroV2013
- A SURVEY ON SECURE DEDUPLICATION SCHEMES.Uploaded byIJAR Journal
- V3I2201419-libreUploaded byabdel_lak
- Unit4_IT412Uploaded byOni Hayabusa
- RssUploaded bymarshal robert
- PROTECTED DESKTOP ACCESS BASED ON USE OF MOBILE PHONEUploaded byInternational Educational Applied Scientific Research Journal (IEASRJ)
- An Overview of the SSL HandshakeUploaded byShyam Prasad P
- 641Uploaded byJit Sharma
- An Approach to Provide Safety over cloud using Efficient EncryptionUploaded byEditor IJRITCC
- ProbabilityUploaded byBecky May Sajo
- Secure and Authentic Dual Steganography through HLSB with Blowfish Algorithm and DWT TechniqueUploaded byIJRASETPublications
- US Copyright Office: transcript-may2Uploaded bycopyright
- Notes Chapter1Uploaded bygarinps@telkom.net

- Jonas Ridgeway - The Astral Projection GuidebookUploaded byWombat83
- David Icke - Bible ErrorsUploaded byRadu Aurora
- 把妹达人中文版Uploaded byNick Wang
- 你不可不知的情场致胜秘密Uploaded byNick Wang
- Albert Einstein 3Uploaded byNick Wang
- Arnold Bennett - How to Live on 24 Hours a DayUploaded bytorrenttracker6
- A Queen Adored Englands Elizabeth IIUploaded byPeroPericZg
- A Biography of Henry FordUploaded byAurel Mota
- Easy EssaysUploaded byNick Wang
- Types of ShipsUploaded byJohn Green
- random.pdfUploaded bygreeblemeeble
- YRT cool stuffUploaded byNick Wang
- American Education System vs Asian Education SystemUploaded byNick Wang
- Gregg Shorthand Quick ReferenceUploaded byGavin Zou

- Lnotes BookUploaded byJulian Garzon
- PRBS VIUploaded bySelvasundar Kumar
- IS 28640-Random Variate Generation Methods.pdfUploaded byzilangamba_s4535
- TQP Development v. Adobe SystemsUploaded byPriorSmart
- TQP Development v. InFocusUploaded byPatentBlast
- Lecture Week 8Uploaded bysykim657
- New Experimentalism AppliedUploaded byErickson Santos
- Monte Carlo Simulation-projectUploaded byRatish Mayank
- CDDH Assessment Brief - Lab 2Uploaded bysyahman922
- Active Noise Cancellation Using Pseudo-Random MLB Sequences.PDFUploaded bySumanta Bhattacharyya
- Slide TutorialManual2Uploaded byrlpr
- Module-1Uploaded byRanjitha
- A Probabilistic Approach to Design Civil Engineering StructuresUploaded byLuis Horacio Martínez Martínez
- Monte Carlo MethodUploaded byanoopeluvathingal100
- List of ModulesUploaded byBrindha Devi
- 05-InputOutputUploaded byShy Drooler
- Simulation Modeling WorkshopUploaded byWadeReynes
- Drilling Coordinates Using MCSUploaded byC Sai Sudarshan
- How We Learned to Cheat in Online Poker: A Study in Software SecurityUploaded byThe1UPCashCoach
- Fully Complex Diffractive OpticsUploaded bykndprasad01
- cpe345_8Uploaded bygiffy25
- DAAUploaded bySubin Subi
- Tutorial 07 Probabilistic AnalysisUploaded bycandido
- 08 Random Number GenerationUploaded byRupa Dn
- 6 CSC446 546 RandomNumberUploaded byshahjada
- p185_mysterious Solution to HackersUploaded byjnanesh582
- Analysis of Spread Spectrum in Matlab(10)Uploaded byشيماءعبدربة
- Monte Carlo Simulation-projectUploaded byshastry
- Stan_Ulam_John_von_Neumann_and_the_Monte_Carlo_Method[1]Uploaded bythanassaras
- Lecture 9Uploaded byAhmad Shdifat