Researchers Discover Breakthrough Method To Generate True Random Numbers From Weak Randomness Sources

[Lucian Armasu]

Computer science professor David Zuckerman discovered a new method to generate high-quality random numbers out of weak randomness sources such as the stock market or weather temperatures.

Researchers Discover Breakthrough Method To Generate True Random Numbers From Weak Randomness Sources : Read more

 

[falchard]

Yea that's cool, but would it be as fast as my: ranX = [system time] % range + 1;

 

[anathema_forever]

Think this might have more than just ramifications for encryption this could be a breakthrough in math as well unless math already knew how to do this of course.

 

[tom10167]

Not to discredit all this, but how big will this be for encryption, isn't aes256 already by far the strongest link in the chain?

 

[heffeque]

Not to discredit all this, but how big will this be for encryption, isn't aes256 already by far the strongest link in the chain?

You know nothing, John Snow. The creation of random numbers has nothing to do with AES256.

 

[tom10167]

Thanks, I'll take your word for it, though some explanation of real world applications would be nice.

 

[heffeque]

Thanks, I'll take your word for it, though some explanation of real world applications would be nice.

I guess I didn't make things easy.
This might help you understand how AES works: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Interestingly enough, it's actually possible to use AES to get a random number... but then again... what "is" random? http://postimg.org/image/kzn9ljuyp/

 

[turkey3_scratch]

This is incredible and groundbreaking! It's also very weird, because I was thinking yesterday of ways in my head on how to create a random number better. One of my methods had to actually do with the wind, or weather. Basically, if you have some device which can measure airflow to the trillionths place, for instance, and take that last digit, it should be very random because obviously the airflow speed would easily change in the trillionths place constantly; there is no way it will be that constant.

Just my idea, though. I know there are some atomic things, perhaps radiation, that I have researched have some randomness to them. There are also add-on PCI cards for PCs that can generate more accurate random numbers that traditional methods.

 

[mavikt]

@turkey: What is an accurate random number...? I guess that if you could measure the growth rate of your beard to to the trillionth place, that would also be random, perhaps affected by your diet...

Anyways, from the article I understand that Oded Goldreich is gonna have to party like it's 1999 instead!

 

[turkey3_scratch]

That's the thing I question myself, what makes him so sure that his algorithm is truly random? Well, he never said truly random, only that it's more random than the current ones. And I'm not going to question somebody who has been researching this sole problem for 20 years straight.

 

[ComputerSecurityGuy]

Traditionally you just read from a psuedorandomly chosen RAM bit. There was a bad SSL incident when someone "patched" it.

 

[PhilFrisbie]

You need random numbers to create a salt. I have used a hash fed with several constantly changing variables such as the RDTSC on x86/x64 CPUs, the time in milliseconds, the PID of the running program, the system up-time, the name of the next temp file, etc.

 

[WarWolverineWarrior]

Least used color on screen would be a number and somehow make it pick out numbers from Pi.

 

[CerianK]

Late last year (and without a lot of fanfare), I also published a (preliminary) method of combining two weak random sources (one table based and one time based) with feedback to produce extremely random numbers (that passed all tests I ran). Are my numbers 'truly' random (like this new discovery purports) or can they be improved to be? I don't know, as yet. Anyway, here is the link: http://www.xtremevbtalk.com/tech-discussions/327902-code-snippets-web-spell-doom.html

 

[willie nugs]

Is it more random than taking a picture of the room your currently in, opening that .jpg file in notepad and just randomly highlighting a string of test from the middle of that file?

 

[gnarr]

@willie nugs, yes. Because 8 hours a day, the middle of your room is an overexposed windows which results in all the bytes in the middle of the file to be 0xff .

 

[f-14]

@turkey: What is an accurate random number...? I guess that if you could measure the growth rate of your beard to to the trillionth place, that would also be random, perhaps affected by your diet...

Anyways, from the article I understand that Oded Goldreich is gonna have to party like it's 1999 instead!

What is an accurate random number...? a number that doesn't follow a predictable path
? is not an accurate number for example.

 

[f-14]

*accurate RANDOM number that is

 

[bit_user]

What is an accurate random number...? a number that doesn't follow a predictable path
? is not an accurate number for example.

Since security is the primary application, let's keep it grounded in that.

Basically, a low quality random number is one where an attacker has fewer things to try, because they can predict parts of it. A high-quality random number is almost completely unpredictable, forcing them to search the whole key space.

 

[bit_user]

I trust that this is novel, but I do wonder how much of an advancement it is over Linux's /dev/random, which purportedly accumulates bits of entropy from various pseudo-random sources.

It'd be nice if someone explained the degree and nature of the advancement, here.