9

I am looking for affordable solutions that generate true random numbers.

I have found LavaRnd, which is a cryptographically sound random number generator. Does anybody has experience in this field and/or knows about other solutions?

PS: IMHO the SO question True random number generator did not really cover this


EDIT:

My curiosity is more of academic nature. I don't want to know about PRNGs that are good enough for practical applications. I know they exist and that they will do.

Of course, generating true random numbers will require hardware devices. That's why I tagged this with hardware.

Community
  • 1
  • 1
f3lix
  • 29,500
  • 10
  • 66
  • 86
  • Are you only interested in generating these numbers on your computer or do you need them to be generated elsewhere, like a client computer? I think I remember something about generating random numbers based on pixels in a bitmap. – WakeUpScreaming Mar 18 '09 at 15:20
  • related: ["Avalanche noise RNG for one-time pad use"](http://crypto.stackexchange.com/questions/4005/avalanche-noise-rng-for-one-time-pad-use) at the Cryptography Stack Exchange. – David Cary Jun 06 '13 at 02:01
  • You could try [a nice hot cup of tea](http://www.bbc.co.uk/cult/hitchhikers/guide/tea.shtml). – David Webb Mar 19 '09 at 07:31
  • I've always been a fan of the Quantum Random Bit Generator: http://random.irb.hr/ – job Mar 18 '09 at 15:25
  • Yeah, well... that doesn't help with local coding solutions, does it? – Seb Mar 18 '09 at 15:15
  • Short of attaching an untuned radio to your serial port (and even then it's suspect), there is very little help for local coding solutions. – Evan Mar 18 '09 at 15:19
  • LavaRnd does exactly that. It uses inputs from unpredictable devices such as overloaded CCDs or distorting analogue amplifiers. – slim Mar 18 '09 at 15:30
  • Bad idea… http://crypto.stackexchange.com/q/1619/12164 – e-sushi Apr 13 '14 at 05:24
  • As random number generators go I have always liked the one made from [lego](http://www.gamesbyemail.com/dicegenerator).... – TheAlbear Mar 18 '09 at 16:17
  • You want dice? [Meet dice-o-matic](http://gamesbyemail.com/News/DiceOMatic) :-) – Bergi Sep 30 '13 at 23:49
  • For true random numbers, nothing beats particle physics and the good old [Geiger Counter](http://en.wikipedia.org/wiki/Geiger_counter). You can get one with a [USB interface for around $200](http://www.blackcatsystems.com/GM/products/GM10GeigerCounter.html). – Tamas Czinege Mar 18 '09 at 15:39

5 Answers5

6

You didn't specify an environment.

From the documentation for Linux's /dev/random

The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bit of the noise in the entropy pool. From this entropy pool random numbers are created.

So this is a cryptographically secure random source, based on unpredictable input from such things as the arbitrary timings of ethernet packets, keyboard and mouse input, etc.

There's also Bruce Schneier's Yarrow PRNG server. Not truly random, but considered cryptographically secure.

... and also EGD, the Entropy Gathering Daemon. Written in Perl and hence portable across many platforms.

slim
  • 40,215
  • 13
  • 94
  • 127
  • I would wager that this is essentially what that LavaRnd program the OP mentioned does -- I don't think LavaRnd adds anything that isn't available in most OSes, except perhaps cross-platform portability. – rmeador Mar 18 '09 at 15:23
  • 1
    The Lava in LavaRnd is a real Lava lamp, the random numbers are computed from images taken with a webcam. Last I heard this wasn't a feature in most OSs. – starblue Mar 18 '09 at 16:18
  • 2
    I see no reference to a Lava lamp on the LavaRnd web site. It says their chaotic source is a CCD in a dark box. – slim Mar 18 '09 at 16:27
  • The original [Lavarand](http://en.wikipedia.org/wiki/Lavarand) _did_ use photos of a lava lamp. One of Lavarand's developers went on to help create [LavaRnd](http://en.wikipedia.org/wiki/LavaRnd), which got rid of the lava lamp and just used thermal noise from a camera in the dark. – cjm Jul 01 '11 at 09:25
5

I've always wanted to buy either the PCI or USB Quantum Random Number Generator, but I have no idea what they cost, and frankly it might be a lot! They do deliver a staggering 16 Mibit/s and 4 Mibit/s respectively of random numbers, though, usable on both *NIX boxes and Windows. That's more than I'd ever need!

Other than that, how 'bout a book full of 'em? A Million Random Digits with 100,000 Normal Deviates is perhaps the coolest book they sell on Amazon! I've yet to buy it, but it's only a matter of time. Must be very handy to have such a stock of true random numbers on your book shelve!

Sebastian Krog
  • 399
  • 4
  • 10
  • If you need fixed, untrustworthy random numbers, you can just use random.org. They are random insofar as they are generated by random physical phenomena, but shouldn't be used for security purposes. Perfect for Monte Carlo, but unsuitable for security. – nomen Nov 20 '12 at 00:15
  • It looks like prices are quite high indeed, around £1,000 for the USB and £1,600 for the slowest PCI. One good use though is to clear a hard drive with something like this `cat /dev/random >/dev/hdb1` would do well. (assuming their driver replaces the default `/dev/random` and adds their random data to it.) – Alexis Wilke Jan 05 '15 at 00:34
2

Fully addressing the issue is a broad topic.

Hardware random number generators exist. These use thermal noise or even quantum effects (in the fastest models) to generate high quality random numbers.

There are some suspicions that thermal noise random number generation may have "biases". That is to say, that some numbers are generated more frequently than others, in the extreme long term. The numbers generated are still truly random.

To see how this might be, consider an unfair coin which gives heads 60% of the time. Flipping the coin is still a random process -- it is just that we should expect 60% of them to be heads, in the long run. Acting out the random process encodes information, or "entropy", since any definite result is only one of many possible outcomes. On the other hand, a sequence of Heads and Tails generated with an unfair coin will contain less information than the same sequence generated with a fair coin!

The upshot is that for provable, paranoid-level security, you don't want to use a hardware random number generator's numbers directly. You want to feed them into a pool of entropy, which the random (but possibly biased) numbers can churn.

As a matter of fact, most hardware random number generators are designed to feed /dev/random, through the kernel (or the Windows equivalent), to deal with this bias/entropy issue.

On the other hand, any decent random number generator will be uniform enough to do Monte Carlo simulations, fast.

nomen
  • 3,626
  • 2
  • 23
  • 40
1

True random numbers in computing does not exist and never will. Computers are deterministic, in that if you repeat the same experience under the same environment, the same result will be achieved.

What you get with computers are pseudo-random numbers, mostly depending on current circumstances: date, time, other variables like memory being used, network traffic at the moment, etc.

For example, some online poker sites, to guarantee to some extent the randomness of their dealt hands, had to install specific hardware that takes the ambient noise and generates random numbers based on that (not only that, but it's a major factor).

So, to have pseudo-random numbers that approximate to true randomness, you'll need to take outside factors into account.

Seb
  • 24,920
  • 5
  • 67
  • 85
  • 1
    Your first statement is under heavy debate in quantum mechanics. – Mehrdad Afshari Mar 18 '09 at 15:12
  • 1
    Randomness is something you believe exists because you don't know how it happens. As soon as you discover the mechanics behind the scenery, it stops being random. Talk about predicting rainy days, for example. It couldn't be done 1000 years ago and seemed a random event; not anymore. – Seb Mar 18 '09 at 15:18
  • @Seb: Luckily, computers can do I/O, meaning they have access to randomness in the outside world -- see slim's answer. – j_random_hacker Mar 18 '09 at 15:27
  • 1
    @j_random_hacker: then, you're not talking about randomness in computing, but randomness in outside world. – Seb Mar 18 '09 at 15:30
  • @Seb: I apologise, your post is actually making the same point I was trying to make in my comment, somehow I got it backwards... :) – j_random_hacker Mar 18 '09 at 15:37
  • Seb, quantum randomness is *really* random. Not just a lack of information, but actual non-determinism. – Phil H Mar 18 '09 at 16:24
  • 1
    Well, I'm one of those who believe in a deterministic world, so I just believe that's not random but something we cannot predict, giving us the "sensation of randomness". Same with throwing the ball in a roulette. Now, this is getting more and more philosophic than algorithmic :P – Seb Mar 18 '09 at 16:51
  • Bell's Inequality is irrefutable proof of non-determinism at the quantum level. – nomen Nov 17 '12 at 02:13
  • @Seb I disagree. Rain is a horrible analogy because the science behind it was always there. Some ancient civilizations had ways to predict rain. The lottery numbers unfortunately are random and won't be predictable for a very long time. There are truly random events that doesn't have underlying causes. – user299709 Mar 15 '16 at 06:57
  • @user299709 You can't prove the non-existence of anything. Therefore you can't prove your last assertion. That's just your belief. In my previous comment I said I *believe* different :) – Seb Mar 16 '16 at 16:57
  • @user299709 are you suggesting that lottery numbers are pre determined by some divine intervention? – user299709 Mar 19 '16 at 00:13
1

There is an article in c't 2/2009 on true and pseudo random numbers. Other than LavaRnd also RandCam and VIA's PadLock are discussed.

starblue
  • 55,348
  • 14
  • 97
  • 151