I was wondering how I would quickly check the randomness of a RNG. When I noticed a couple websites had randomly generated bmps. I guess with the human brain being an awesome visual pattern detector this is a quick and easy test. Anyhow I stumbled on this page from 2012 and figured I would share.
For security, you don't care whether random numbers are "truly random" or not; you care whether they're cryptographically secure. Your mental model should be of a stream cipher, which is a tool that stretches a short secret into a very long secret. The question you should ask yourself is, "have I fed this generator 16-32 bytes of unguessable material, and does it use cryptographically sound tools to spool out random bytes from that seed?"
Your kernel arranges to do this for you, and, for security-sensitive applications, is the RNG you should use to the exclusion of all others, "true" or not.
I feel like the question you've suggested people ask themselves is a bit over-complicated. Maybe the right way to phrase the question is instead just:
Can somebody else guess these numbers?
It doesn't actually matter whether bad guys can guess your numbers because you use Python's non-cryptographic PRNG or because you mistakenly overwrote the genuinely random numbers you had with zeroes, or they've planted a physical device inside your computer stealing the random numbers used, it only matters that they can guess the numbers.
It's also quite possible there is no such thing as "true" randomness. If one of the deterministic interpretations of quantum mechanics is correct and there's no other source of randomness in the laws of physics, then TRNGs are just looking at the output of chaotic systems, just like PRNGs are.
Random.org's atmospheric noise source isn't even quantum-mechanical, it's classical deterministic chaos. It's a PRNG with an enormous state.
One of the unknown corner cases in this space is that it implies hidden state. We've ruled out Local Hidden State with physics experiments, but you can't rule out Global Hidden State that way. There could be in this sense say, a 1MB global "random seed" for our universe.
In this model you can build Quantum Computers but when you build a really big one to, for example, attack traditional public key cryptography with Shor's algorithm it mysteriously doesn't work. This is because without you knowing it your Quantum Computer is using the global hidden state as scratch storage and it ran out.
Almost everything about this scenario is terrible news, but on the bright side you can't attack modern cryptography with a Quantum Computer because it won't work.
I'm not sure why you're being downvoted. It's not an unreasonable question/thought.
The heisenberg uncertainty principle says we cannot know both position and momentum perfectly at the same time where I believe your comment is originating from?
In theory, if we perfectly know the quantum information then a system's state is perfectly reproducible (probably not us... ultra aliens?) since no quantum information is ever lost (probably...). To my best understanding, this is the idea of the holographic principle[0].
No, just interpretations of QM, Heisenberg doesn't change anything here.
Wikipedia has a nice table[0]. Any deterministic interpretation says that the results of experiment are all entirely predetermined by the entire past history of the universe. This includes Heisenberg's principle, since what you choose to measure is also deterministic, and thus the imprecision is predetermined.
There's nothing in the laws of physics that rules out these interpretations. Thus, we can't definitively say that TRNGs exist in this universe. We also can't say that they don't, of course, since all the interpretations of QM make the same observable predictions and thus are equally likely to be correct.
FWIW, the information in this article is out of date.
For example, as the article picks on PHP, PHP now uses the Mersenne Twister for regular rand(), and gives access to a CSPRNG through random_int() and random_bytes(). By "now" here I mean as of five years ago.
It's still important for developers to understand the "P" in PRNG, but at least we have less possible foot-shooting by default in PHP now. (Evergreen statement!)
"Note: As of PHP 7.1.0, rand() uses the same random number generator as mt_rand(). To preserve backwards compatibility rand() allows max to be smaller than min as opposed to returning FALSE as mt_rand()."
Maybe somebody could run the code from the OP on Windows with a newer PHP and check?
There are many applications for which you definitely do not want a true random number. Sometimes you want your random numbers to exist in a uniform distribution, for example.
True random (vs pseudo-random) relates to whether the past outcomes of the generator provide any information about the future invocations. There is nothing stating that a true random generator can not conform to some distribution
There are cases where you might not want a true random generator, although this relates more to the importance of unpredictability versus the performance requirements for your domain.
Or maybe a more succinct way of putting it. You can sample random numbers from any distribution. There's nothing special about the uniform distribution except that it's one that people want most of the time.
22 comments
[ 3.1 ms ] story [ 82.5 ms ] threadhttps://news.ycombinator.com/item?id=5850067
Your kernel arranges to do this for you, and, for security-sensitive applications, is the RNG you should use to the exclusion of all others, "true" or not.
Can somebody else guess these numbers?
It doesn't actually matter whether bad guys can guess your numbers because you use Python's non-cryptographic PRNG or because you mistakenly overwrote the genuinely random numbers you had with zeroes, or they've planted a physical device inside your computer stealing the random numbers used, it only matters that they can guess the numbers.
It doesn't matter if it's "true" randomness or not. Unless of course you're looking to leverage the theoretical strengths of a one time pad.
Random.org's atmospheric noise source isn't even quantum-mechanical, it's classical deterministic chaos. It's a PRNG with an enormous state.
In this model you can build Quantum Computers but when you build a really big one to, for example, attack traditional public key cryptography with Shor's algorithm it mysteriously doesn't work. This is because without you knowing it your Quantum Computer is using the global hidden state as scratch storage and it ran out.
Almost everything about this scenario is terrible news, but on the bright side you can't attack modern cryptography with a Quantum Computer because it won't work.
The heisenberg uncertainty principle says we cannot know both position and momentum perfectly at the same time where I believe your comment is originating from?
In theory, if we perfectly know the quantum information then a system's state is perfectly reproducible (probably not us... ultra aliens?) since no quantum information is ever lost (probably...). To my best understanding, this is the idea of the holographic principle[0].
[0] https://www.youtube.com/watch?v=klpDHn8viX8
Wikipedia has a nice table[0]. Any deterministic interpretation says that the results of experiment are all entirely predetermined by the entire past history of the universe. This includes Heisenberg's principle, since what you choose to measure is also deterministic, and thus the imprecision is predetermined.
There's nothing in the laws of physics that rules out these interpretations. Thus, we can't definitively say that TRNGs exist in this universe. We also can't say that they don't, of course, since all the interpretations of QM make the same observable predictions and thus are equally likely to be correct.
[0]https://en.wikipedia.org/wiki/Interpretations_of_quantum_mec...
Open gate transistors, thermal effects, radiative effects...
(Not that there are not risks, and it is a mistake to assume on-die is not risky)
Unfortunately, they're essentially unauditable and sometimes frightfully broken, eg https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd...
Fun times
And if at boot time there's no stored entropy and no other sources, then it's better than nothing until more sources become available.
For example, as the article picks on PHP, PHP now uses the Mersenne Twister for regular rand(), and gives access to a CSPRNG through random_int() and random_bytes(). By "now" here I mean as of five years ago.
It's still important for developers to understand the "P" in PRNG, but at least we have less possible foot-shooting by default in PHP now. (Evergreen statement!)
https://web.archive.org/web/20191106104440/http://cod.ifies....
TL;DR the default Windows random number generator is (was?) an LCG[1], and that's what PHP calls into by default.
[1] https://en.wikipedia.org/wiki/Linear_congruential_generator
https://www.php.net/manual/en/function.rand.php
"Note: As of PHP 7.1.0, rand() uses the same random number generator as mt_rand(). To preserve backwards compatibility rand() allows max to be smaller than min as opposed to returning FALSE as mt_rand()."
Maybe somebody could run the code from the OP on Windows with a newer PHP and check?
True random (vs pseudo-random) relates to whether the past outcomes of the generator provide any information about the future invocations. There is nothing stating that a true random generator can not conform to some distribution
There are cases where you might not want a true random generator, although this relates more to the importance of unpredictability versus the performance requirements for your domain.