True random number generator [closed]

I have to disagree with a lot of the answers to this question.

It is possible to collect random data on a computer. SSL, SSH and VPNs would not be secure if you couldn’t.

The way software random number generators work is that there is a pool of random data that is gathered from many different places, such as clock drift, interrupt timings, etc.

The trick to these schemes is in correctly estimating the entropy (the posh name for the randomness). It doesn’t matter whether the source is biased, as long as you estimate the entropy correctly.

To illustrate this, the chance of me hitting the letter e in this comment is much higher than that of z, so if I were to use key interrupts as a source of entropy it would be biased – but there is still some randomness to be had in that input. You can’t predict exactly which sequence of letters will come next in this paragraph. You can extract entropy from this uncertainty and use it as part of a random byte.

Good quality real-random generators like Yarrow have quite sophisticated entropy estimation built into them and will only emit as many bytes as they can reliably say they have in their “randomness pool.”
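
The idea in the answer above, as an added Python example that is not part of the original answer and is not Yarrow's actual algorithm: a biased stream of key presses is credited with a conservative min-entropy estimate, mixed into a hash-based pool, and the pool refuses to emit more bytes than it has been credited. `SAMPLE_KEYS`, `min_entropy_per_symbol` and `EntropyPool` are hypothetical names, and the sample text is constructed.

```python
import hashlib
import math
from collections import Counter

# Constructed sample standing in for key presses (biased: 'e' common, 'z' absent).
SAMPLE_KEYS = ("the trick to these schemes is in correctly estimating the "
               "entropy of a biased source such as the keys a person presses")

def min_entropy_per_symbol(symbols) -> float:
    """Conservative bits per symbol: -log2 of the most frequent symbol's share.
    Assumes independent symbols; real keystrokes are correlated, so a
    production estimator would credit even less."""
    counts = Counter(symbols)
    p_max = max(counts.values()) / len(symbols)
    return -math.log2(p_max)

class EntropyPool:
    """SHA-256 pool that tracks how many bits of entropy it has been credited."""
    CAPACITY_BITS = 256.0  # a 256-bit hash state cannot hold more than this

    def __init__(self):
        self._state = hashlib.sha256()
        self._counter = 0
        self.credited_bits = 0.0

    def add(self, data: bytes, estimated_bits: float) -> None:
        """Mix in raw (possibly biased) input and credit only the estimate."""
        self._state.update(data)
        self.credited_bits = min(self.CAPACITY_BITS,
                                 self.credited_bits + estimated_bits)

    def available_bytes(self) -> int:
        return int(self.credited_bits // 8)

    def read(self, n: int) -> bytes:
        """Emit n bytes, but never more than the pool has been credited with."""
        if n > self.available_bytes():
            raise ValueError("not enough credited entropy in pool")
        self._counter += 1
        block = self._state.digest() + self._counter.to_bytes(8, "big")
        self.credited_bits -= 8 * n  # debit what was handed out
        return hashlib.sha256(block).digest()[:n]

def demo():
    """Credit the constructed key presses and return (bits/symbol, pool)."""
    h = min_entropy_per_symbol(SAMPLE_KEYS)
    pool = EntropyPool()
    pool.add(SAMPLE_KEYS.encode(), h * len(SAMPLE_KEYS))
    return h, pool
```

Each key press is 8 bits of raw input but is credited with far less, which is the sense in which a biased source is still usable once its entropy is estimated correctly.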
