On Sun, Jul 08, 2001 at 07:54:38PM +0200, peter k. wrote:

> > At best, using your brain as a random number generator can only
> > approach a true random number generator. Which then begs the question
> > "Why don't you just use a true random number generator?"
> >
> > Why not write a perl script or something to read from /dev/random
> > and generate random numbers? If there is something objectionable to
> > doing that and preferential to using your brain, I can guarantee that
> > you have just proven that using your brain is NOT a random number
> > generator (by the very nature of that preference).

> /dev/random is only pseudo-random, isn't it? I'd have to buy a hardware
> random number generator if I wanted it to be as random as my brain!?
> And then the script is on my HD, so an attacker knows how the password was
> generated, how long it is, what kind of characters it contains, etc. Isn't
> that bad?
> Besides, I'm too lazy for coding such a perl script; I would rather download
> a nice password generator from somewhere ;)

1) As it so happens, a pseudo random number generator would probably be
better since it pretty much guarantees a uniform distribution of results
(which is actually a measurement of the effectiveness of the generator)
which a true random number generator would not. The difference is subtle,
and whether you consider a true random number generator superior to a
pseudo random number generator depends on your application and
preferences. For these purposes, it probably doesn't make a whole heck of
a lot of difference.

2) /dev/random is closer to a true random number generator, since it
gathers entropy from a number of unrelated sources (interrupts, keystrokes,
system calls, timers, etc., etc.), than it is to a pseudo random number
generator (which is generally based on a mathematical algorithm). Since
much of the entropy from /dev/random comes from hardware sources, you're
not going to get much better, short of a random number generator based on
diode junction quantum noise or radioactive decay.

3) You're still making the false assumption that your brain is a good
random number generator. It's not. No matter which way you cut it, your
brain is biased. "Oh, an 'A' would look pretty here." Since you are
within your own brain, you are NOT an unbiased observer of its workings
and (by a little information theory) are incapable of judging (or even
understanding) fully its own workings. The best you could do is use some
outside influence (dice, cards, /dev/random, etc.) to provide random input
to your thought processes, and you would still impose your own biases on
the process with no way to detect those biases.

Whether or not your brain would be a good random number generator (and I
believe that the weight of opinion is that it would not be), you are
incapable of judging whether it would be, simply because you would not see
your own biases. You can't judge its randomness based on some procedure
you propose to employ. You can only judge it through impartial, unbiased
testing of the output it generates. You can't do that for yourself.

Although... Now that I think about it, it would be amusing to subject you
to some of the "randomness" tests that pseudo random number generators are
subjected to. Let's see... Generate 10,000,000 random 16-bit integers and
let's test the distribution for uniform randomness... That might give us a
start. :-)

I found it interesting that you assumed that /dev/random was a pseudo
random number generator. There are many good pseudo random number
generators implemented in software algorithms alone (one could argue that
all of them are). There is no need for a device in /dev, or any kernel
interaction at all, to implement a pseudo random number generator. Most
of those are simple libraries of functions. Just initialize with some seed
value and extract to your heart's content. The fact that pseudo random
number generators can be implemented as libraries of functions alone
should have told you that /dev/random was something significantly
different, since it's not.

/dev/random is an entropy gathering device and an entropy pool. When it
runs out of entropy, you actually block on the device until the driver has
a chance to accumulate more from the various sources within the kernel.
That's not a pseudo random process taking place.

Now, you can question the randomness of the various sources of entropy. I
won't argue about that. I'll only argue that the driver has been subjected
to various tests for randomness, and other crypto packages find
/dev/random type devices preferable to other sources, especially pseudo
random devices.

I would take the random output from /dev/random over your brain, or my
brain, or any brain at any time. The brain is NOT random. It IS chaotic.
There is a subtle, but significant, difference which a little study of
fractal theory and chaos theory would illuminate for you. But that would
REALLY be getting off topic here, and this thread has probably gone on for
much longer than is productive.

Mike
-- 
Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx
  (The Mad Wizard)     |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois: MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471   |  possible worlds.  A pessimist is sure of it!

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
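An added example, not part of the thread above, covering both of its practical points: the "read from /dev/random and generate a password" script that was proposed (with the attacker allowed to know the script, the length and the alphabet, as peter k. worried), and the "generate random 16-bit integers and test the distribution for uniformity" check that Mike suggests. It is written in Python rather than perl. Assumptions: os.urandom() is the default byte source (it draws from the same kernel entropy pool as /dev/random but does not block); any callable rand_bytes(k) returning k bytes can be substituted, for example a reader for /dev/random itself. The 70-symbol alphabet, the 256-bin chi-square test and the 99% threshold are choices made for this example.

```python
"""Added example (not from the thread): password generation from the
kernel's random device, plus a chi-square uniformity test on 16-bit draws.

Assumptions (hypothetical, chosen for this example): os.urandom() as the
default byte source; rand_bytes(k) -> bytes may be any CSPRNG reader.
"""
import math
import os
from collections import Counter

# Constructed alphabet for this example: 26 + 26 + 10 + 8 = 70 symbols.
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789"
            "!@#$%^&*")


def random_index(n, rand_bytes=os.urandom):
    """Return a uniformly distributed integer in [0, n).

    Draws 16-bit values and rejects any value at or above the largest
    multiple of n that fits in 16 bits.  Taking value % n directly would
    favour the low indices whenever 65536 is not a multiple of n
    (modulo bias), which is exactly the kind of skew a uniformity test
    would catch in the output.
    """
    if not 1 <= n <= 65536:
        raise ValueError("n must be in 1..65536")
    limit = 65536 - (65536 % n)        # largest multiple of n <= 65536
    while True:
        v = int.from_bytes(rand_bytes(2), "big")
        if v < limit:
            return v % n


def generate_password(length, alphabet=ALPHABET, rand_bytes=os.urandom):
    """Build a password of `length` symbols, each chosen uniformly."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(alphabet[random_index(len(alphabet), rand_bytes)]
                   for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Guessing resistance when the attacker knows the script, the length
    and the alphabet: len(alphabet) ** length equally likely passwords."""
    return length * math.log2(len(alphabet))


def samples_16bit(data):
    """Interpret a byte string as big-endian 16-bit unsigned integers
    (a trailing odd byte is dropped)."""
    return [int.from_bytes(data[i:i + 2], "big")
            for i in range(0, len(data) - 1, 2)]


def chi_square_uniformity(samples, buckets=256):
    """Pearson chi-square statistic of 16-bit samples against a uniform
    distribution over `buckets` equal-width bins (0.0 is a perfect fit)."""
    if not samples:
        raise ValueError("no samples")
    if 65536 % buckets:
        raise ValueError("buckets must divide 65536")
    width = 65536 // buckets
    counts = Counter(v // width for v in samples)
    expected = len(samples) / buckets
    return sum((counts.get(b, 0) - expected) ** 2 / expected
               for b in range(buckets))


def chi_square_critical(df, z=2.326):
    """Wilson-Hilferty approximation of the chi-square quantile for `df`
    degrees of freedom; z=2.326 gives roughly the 99th percentile."""
    k = 2.0 / (9.0 * df)
    return df * (1.0 - k + z * math.sqrt(k)) ** 3


def plausibly_uniform(samples, buckets=256):
    """True if the samples pass the 99% chi-square test.  Passing shows
    only the absence of gross bias, not that the source is cryptographic:
    a seeded software PRNG passes this test just as easily."""
    return chi_square_uniformity(samples, buckets) <= chi_square_critical(buckets - 1)


if __name__ == "__main__":
    pw = generate_password(16)
    print("password:", pw, "(%.1f bits of entropy)" % entropy_bits(16))
    # Fewer draws than the 10,000,000 the mail suggests, but the same test.
    draws = samples_16bit(os.urandom(2 * 200_000))
    print("chi-square over 256 bins:", round(chi_square_uniformity(draws), 1),
          "uniform?", plausibly_uniform(draws))
```

To read the blocking device the mail describes instead of os.urandom, pass rand_bytes=lambda k: open("/dev/random", "rb").read(k); on a quiet Linux box of that era the call would stall until the kernel had gathered more entropy, which is the behaviour Mike contrasts with a seeded library PRNG. The only secret in this scheme is the sequence of draws; publishing the script, the length and the alphabet costs nothing, because entropy_bits() already assumes the attacker knows all three.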