True Random Number Generator
in [Cryptography]
|
From: Tom St Denis on 20 Jan 2010 14:09 On Jan 20, 11:50 am, jmorton123 <jmorton...(a)rock.com> wrote: > I've made available on my website several basic random number utility > programs all of which are freeware. One is a true random number > generator. Of course to implement a true random number generator you > must have a random source phenomenon. That's where you come in: YOU > are the random source. Here's how it works in a nutshell: You do realize the most modern OSes trap interrupts and events to harvest entropy from right? Even Windows has a CSP function CryptGenRandom() [or something like that] for reading RNG output. In most *NIX OSes you'd use /dev/urandom. Tom
From: Dave -Turner on 20 Jan 2010 14:19 great, now you've blown the secret :)
From: jmorton123 on 21 Jan 2010 10:43 The clock time used is 1000 ticks per second. If there is a bias it must be incrediblly small because a computer cannont fuction with any significant clock bias nor can an operating system. Furthermore, any insignifiant bias which you indicate that may be present is completely washed out by the randomness of the click moments entered by the user. Lastly, you need to ask youself: can these random numbers be reproduced? I think not. Thank you. I cosmetically updated 4 of the utility programs by changing the wording on a button from "Character" to "Decimal" and / or added the word "decimal" in the instructions to these files: BinaryToCharacter.exe ButtonRows.exe RandomClick.exe RandomClick_True.exe On Jan 20, 9:00 am, unruh <un...(a)wormhole.physics.ubc.ca> wrote: > On 2010-01-20, jmorton123 <jmorton...(a)rock.com> wrote: > > > > > > > Nine years ago I used to frequent this group regularly. On 9/11 I > > took down my site. To cut to the chase: > > > Everyone knows that the key (pun intended) to encryption security is > > having a source of random numbers. True random number generators have > > been discussed often enough. > > > I've made available on my website several basic random number utility > > programs all of which are freeware. One is a true random number > > generator. Of course to implement a true random number generator you > > must have a random source phenomenon. That's where you come in: YOU > > are the random source. Here's how it works in a nutshell: > > > When you start the program it saves the system time. Each time you > > click the mouse or press the enter key, the time is once again > > stored. Then the start time is subtracted from the mouse click time. > > Then this difference is used to access an array that contains the > > binary numbers from 0 - 255. > > That does nothing for the randomness. > That time is liable to have large biases in it, that this will not > eliminate, > > > > > So with each click the time difference will continuously vary and thus > > the array access will continuously vary and the generated number will > > continuously vary. I recommend that you vary your click rate perhaps > > by varying which fingers you use and by changing up between the mouse > > click and the enter key press. > > I sure would not trust this to deliver random numbers with very high > entropy. > > What you need to do is to analyse the generators so as to be able to > estimate their "randomness". > > > > > > > Some of the other utilities available may be useful to you for general > > purposes such as a utility that reads a binary file and exports the > > same file in character format. Or a utility that will append one file > > to a second file. Or a utility that will XOR any one file with > > another. Again, all of these utilities are freeware and there is > > nothing for sale on the website. Just click and download. > > > Here's the URL: http://www.kingkonglomerate.com Detailed > > instructions of each utility program are on the download page and > > included within each freeware program.- Hide quoted text - > > - Show quoted text -- Hide quoted text - > > - Show quoted text -
From: Noob on 21 Jan 2010 11:03 Tom St Denis wrote: > You do realize the most modern OSes trap interrupts and events to > harvest entropy from right? Even Windows has a CSP function > CryptGenRandom() [or something like that] for reading RNG output. In > most *NIX OSes you'd use /dev/urandom. Or /dev/random depending on the situation. http://en.wikipedia.org/wiki//dev/random
From: Tom St Denis on 21 Jan 2010 11:33
On Jan 21, 11:03 am, Noob <r...(a)127.0.0.1> wrote: > Tom St Denis wrote: > > You do realize the most modern OSes trap interrupts and events to > > harvest entropy from right? Even Windows has a CSP function > > CryptGenRandom() [or something like that] for reading RNG output. In > > most *NIX OSes you'd use /dev/urandom. > > Or /dev/random depending on the situation. > > http://en.wikipedia.org/wiki//dev/random There's usually no real need to use random over urandom [hint: they're both adequate but equally miserably written]. Tom |