
New Method for Random Number Generation Developed

ScuttleMonkey posted more than 4 years ago | from the lots-of-coin-flipping dept.

Math 395

Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."

395 comments

This is a random comment. (1, Funny)

MillionthMonkey (240664) | more than 4 years ago | (#31233882)

uixon8wg2gvw

Re:This is a random comment. (1)

Pete Venkman (1659965) | more than 4 years ago | (#31233950)

No non-alphanumerics? You call that random? My grandmother can do better than that!

Re:This is a random comment. (3, Funny)

MillionthMonkey (240664) | more than 4 years ago | (#31234024)

Your grandmother can generate non-alphanumeric random characters?

Man, no wonder you're here.

Re:This is a random comment. (3, Funny)

Anonymous Coward | more than 4 years ago | (#31234312)

He's here because his grandmother can generate babies.

Re:This is a random comment. (4, Funny)

TheCarp (96830) | more than 4 years ago | (#31234362)

Still? Damn, my mother can't even do that anymore. I don't even want to think about my 87 year old grandmother giving it a try.

Re:This is a random comment. (1)

courteaudotbiz (1191083) | more than 4 years ago | (#31234046)

Depends on the scope. If you want a random "comment", the scope of characters used is alphanumeric, with some punctuation.

If you want a random binary sequence, the ASCII result would less likely be readable.

If you want a random number, chances are you'll get only digits.

Re:This is a random comment. (0)

Anonymous Coward | more than 4 years ago | (#31234266)

How about this as random?

Sr5&8w796Z6W9mVVM7HAuv43Yg8D523QwTf25646@SEKKEP3#m2t3f@2ap95295437852^5262S*qMK#b&B#^aXbxNfRQudSCz9P

Statistically, (1)

BhaKi (1316335) | more than 4 years ago | (#31233962)

this one too.

Re:This is a random comment. (1)

courteaudotbiz (1191083) | more than 4 years ago | (#31233964)

Just half random: The title isn't.

Re:This is a random comment. (1)

dkleinsc (563838) | more than 4 years ago | (#31234068)

And the half that is random is not very random, given that it's relatively short, all lower-case letters and digits, and emphasizes keys that can be found towards the middle of a QWERTY keyboard.

Re:This is a random comment. (3, Insightful)

MillionthMonkey (240664) | more than 4 years ago | (#31234204)

The set of all random numbers does not exclude "non-random-looking" numbers. I just cherry-picked one for you.

Re:This is a random comment. (0)

Anonymous Coward | more than 4 years ago | (#31234316)

A number can't be inherently random, so there's no "set of all random numbers".

Re:This is a random comment. (4, Insightful)

Martin Blank (154261) | more than 4 years ago | (#31234436)

You bring this up as a humor point, but it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. For example, if a 4-digit pre-generated PIN is not allowed to use certain sequence types such as sequential, all the same, paired pairs, etc., it may take a fair slice out of the available keyspace (not sure that's the right word, but it's close enough), at least enough to narrow down the ambiguity in case some hints about the PIN are known by an attacker.

It's less of a problem with longer passwords, as the maximum entropy for a given entry expands while patterns take smaller bites out of the available space, but it does reduce the possible entropy slightly.

It also reminds me of a Dilbert strip where he visits the accounting trolls, and they take him to their random number generator, which is another troll saying, "9... 9... 9... 9..." Dilbert asks if it's really random, and the first troll says, "That's the problem with randomness: you never really know."
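The keyspace effect described in the comment above, worked through as an added example (not part of the original thread). The exact definitions of "sequential", "all the same" and "paired pairs", and the sample hint, are assumptions made for illustration.

```python
import math
from itertools import product

# Assumed definitions of the pattern classes named in the comment;
# the comment itself does not define them precisely.

def all_same(pin):
    # 0000, 1111, ...
    return len(set(pin)) == 1

def sequential(pin):
    # Strictly ascending or descending by 1, no wrap-around (1234, 9876).
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {-1}

def paired_pairs(pin):
    # AABB or ABAB with A != B (1122, 1212).
    a, b, c, d = pin
    return (a == b and c == d and a != c) or (a == c and b == d and a != b)

BLOCKLIST_RULES = (all_same, sequential, paired_pairs)

def keyspace(rules=()):
    """All 4-digit PINs that no rule in `rules` rejects."""
    pins = ("".join(p) for p in product("0123456789", repeat=4))
    return [p for p in pins if not any(rule(p) for rule in rules)]

def bits(count):
    """Entropy in bits of a uniform choice among `count` values."""
    return math.log2(count)

def with_hint(pins, hint):
    """PINs still possible once a partial observation (`hint`) is known."""
    return [p for p in pins if hint(p)]

def report():
    full = keyspace()
    filtered = keyspace(BLOCKLIST_RULES)
    # Constructed hint: an observer knows the first two digits match.
    hint = lambda p: p[0] == p[1]
    return {
        "full": len(full),
        "filtered": len(filtered),
        "bits_lost": bits(len(full)) - bits(len(filtered)),
        "full_given_hint": len(with_hint(full, hint)),
        "filtered_given_hint": len(with_hint(filtered, hint)),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Under these rules the blocklist costs only a small fraction of a bit on its own, but combined with the hint the filtered space shrinks by a tenth, which is the narrowing the comment is concerned about.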

Re:This is a random comment. (2, Interesting)

SilverHatHacker (1381259) | more than 4 years ago | (#31234628)

Humans tend to define 'random' as being evenly distributed, to the point that if you ask a group of twenty people or so to space themselves randomly around a room, they will end up the same distance away from each other. It's probably more likely for the elements in a true random sequence to be similar to each other than for them to be evenly divided.

Re:This is a random comment. (1)

koiransuklaa (1502579) | more than 4 years ago | (#31234178)

How can you tell?

Re:This is a random comment. (1)

courteaudotbiz (1191083) | more than 4 years ago | (#31234726)

It's obviously not random, except if we fell on the 1 chance in a 1.51e10^36 that this comment is totally random, considering a choice of 28 characters over 25 characters long (considering "space" and "." in the charspace), and not considering the chances that the comment may have been randomly longer or shorter.

Random today, but still random tomorrow? (1, Insightful)

JSBiff (87824) | more than 4 years ago | (#31233924)

I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?

Still, I suppose until such a time (if it ever arrives), this is probably a lot better than currently existing approaches.

Re:Random today, but still random tomorrow? (1)

MillionthMonkey (240664) | more than 4 years ago | (#31233958)

If they're tapping into the randomness of something's wave function, then nobody will ever be able to predict the outcome.

Re:Random today, but still random tomorrow? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31234338)

If they're tapping into the randomness of something's wave function, then nobody will ever be able to predict the outcome.

The only support for that is that nobody knows how to predict it yet. If someone does find a way then we'll just have to modify our understanding of the universe accordingly. To announce that it just won't ever be able to be done is to mistake our current scientific knowledge for revealed religious Truth.

Re:Random today, but still random tomorrow? (0)

Anonymous Coward | more than 4 years ago | (#31234428)

That'll be great. We'll be able to send messages backwards in time too!

Re:Random today, but still random tomorrow? (0)

Anonymous Coward | more than 4 years ago | (#31234612)

If you think there's a connection between having a hidden variable that accounts for the apparent probabilistic basis of QM and being able to send messages back in time then please do explain it. I'm sure we can all learn a lot...

Re:Random today, but still random tomorrow? (1)

hairyfeet (841228) | more than 4 years ago | (#31234356)

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC. You could use size limits to narrow the search..say between 500Mb and 2Gb. Then make a hash based on those five folders, something like file sizes or time stamps or a combination of the two, wouldn't that be pretty damned random?

Now maybe I'm understanding it wrong, certainly not a crypto expert by any stretch, but surely nobody has the exact combination of downloads+pictures+music+temp+docs that I do, and that data should be able to be mixed in plenty of ways to generate random numbers, yes? And by choosing random folders based on size instead of just choosing defaults you shouldn't run into the "everyone has the same" problem like the default contents of my music or my pictures, so am I missing something?

Re:Random today, but still random tomorrow? (2, Informative)

BarryJacobsen (526926) | more than 4 years ago | (#31234434)

Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC. You could use size limits to narrow the search..say between 500Mb and 2Gb. Then make a hash based on those five folders, something like file sizes or time stamps or a combination of the two, wouldn't that be pretty damned random?

Now maybe I'm understanding it wrong, certainly not a crypto expert by any stretch, but surely nobody has the exact combination of downloads+pictures+music+temp+docs that I do, and that data should be able to be mixed in plenty of ways to generate random numbers, yes? And by choosing random folders based on size instead of just choosing defaults you shouldn't run into the "everyone has the same" problem like the default contents of my music or my pictures, so am I missing something?

What you're describing sounds more like something that could be the "seed" for the random number generator - which would then still use an algorithm to generate the "random" numbers (since they're using an algorithm, they'd still just be pseudo-random).

Re:Random today, but still random tomorrow? (1)

b4k3d b34nz (900066) | more than 4 years ago | (#31234616)

Unless your folder structure constantly changes, the seed value you use would be the same, which means it's then (relatively) predictable. Will anyone actually crack it? Not likely, but basically you want a non-deterministic function, and if you have a file server with no new files or changes on it, you would have a deterministic seed.

Re:Random today, but still random tomorrow? (2, Insightful)

zegota (1105649) | more than 4 years ago | (#31234662)

"Say...choose 5 folders at random on a PC" And how exactly do you propose we choose those folders randomly?

Re:Random today, but still random tomorrow? (3, Insightful)

CharlyFoxtrot (1607527) | more than 4 years ago | (#31234724)

It's random folders all the way down.

Re:Random today, but still random tomorrow? (1)

ArsonSmith (13997) | more than 4 years ago | (#31234688)

"...to generate random numbers? Say...choose 5 folders at random on a PC."

infinite loop. I think your algorithm is going to fill up the memory rather quickly.

Re:Random today, but still random tomorrow? (1)

spleen_blender (949762) | more than 4 years ago | (#31233986)

Is that not true of "randomness" we see in natural systems as well? Know enough about its elements and you can predict its behavior?

Determinism, we don't need no stinkin' determinism.

Re:Random today, but still random tomorrow? (1)

Florian Weimer (88405) | more than 4 years ago | (#31234076)

I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?

A secure implementation of this would use some deterministic post-processing element (these days based on the AES-128 or SHA-256 primitives), so that even when the source of non-determinacy fails, you still get unpredictable output, as long as the cryptographic primitive has not been breached.

On the other hand, we still haven't got a good random number generator in our libc, and we can't just use RAND_bytes everywhere for licensing reasons. So our problems are far more mundane.
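An added sketch of the deterministic post-processing described in the comment above (not code from the thread or from the researchers). It is a simplified illustration, not a vetted DRBG; `ConditionedGenerator`, `raw_source` and the seeded `random.Random` stand-in for the hardware source are all assumptions.

```python
import hashlib
import hmac
import random


class ConditionedGenerator:
    """Toy hash-conditioned generator (illustration only, not a vetted DRBG).

    Raw samples are folded into a SHA-256 state; output blocks are
    HMAC-SHA256(state, counter), so output never exposes the raw bits."""

    def __init__(self):
        self._state = bytes(32)
        self._counter = 0

    def mix(self, raw: bytes) -> None:
        # Fold new samples into the existing state; entropy already
        # collected is kept even if `raw` turns out to be worthless.
        self._state = hashlib.sha256(self._state + raw).digest()

    def read(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self._counter += 1
            out += hmac.new(self._state, self._counter.to_bytes(8, "big"),
                            hashlib.sha256).digest()
        # One-way state update after each read.
        self._state = hmac.new(self._state, b"ratchet",
                               hashlib.sha256).digest()
        return out[:n]


def raw_source(n, rng=None):
    """Constructed stand-in for the hardware source.

    With `rng` it returns varying bytes (a seeded PRNG, used only so the
    demo is repeatable); without it, it models a failed source stuck at 0."""
    if rng is None:
        return bytes(n)
    return bytes(rng.getrandbits(8) for _ in range(n))


def demo_failure_after_seeding(reads=1000):
    """Source works once at start-up, then fails for every later sample."""
    gen = ConditionedGenerator()
    gen.mix(raw_source(32, random.Random(2010)))
    blocks = []
    for _ in range(reads):
        gen.mix(raw_source(4))          # stuck-at-zero samples
        blocks.append(gen.read(16))
    return blocks


def demo_never_seeded():
    """Source is dead from the start: two devices produce identical output."""
    a, b = ConditionedGenerator(), ConditionedGenerator()
    for gen in (a, b):
        gen.mix(raw_source(32))
    return a.read(16), b.read(16)


def ones_fraction(blocks):
    data = b"".join(blocks)
    return sum(bin(byte).count("1") for byte in data) / (8 * len(data))


if __name__ == "__main__":
    blocks = demo_failure_after_seeding()
    print("distinct blocks after failure:", len(set(blocks)))
    print("fraction of 1 bits:", round(ones_fraction(blocks), 4))
    a, b = demo_never_seeded()
    print("never-seeded devices agree:", a == b)
```

The second demo shows the limit of the approach: conditioned output looks equally uniform when the source never delivered any entropy, so the raw samples still need their own health check.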

This Is What's Wrong With Slashdot (1)

BitHive (578094) | more than 4 years ago | (#31234300)

A comment containing absolutely nothing but handwaving conjecture is moderated "Interesting". Thousands of dilettantes stroke their neckbeards in contemplation. Hmmmmm, yes, what if that thing you said?

Re:This Is What's Wrong With Slashdot (0)

Anonymous Coward | more than 4 years ago | (#31234394)

Would you prefer tits or GTFO?

And random the day after that. (1)

overshoot (39700) | more than 4 years ago | (#31234380)

I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?

No, it's based on thermal noise. It truly is random, but bear in mind that there's a bias to each bit that has to be compensated out.

Re:Random today, but still random tomorrow? (1)

kestasjk (933987) | more than 4 years ago | (#31234558)

The real problem is that the randomness might be biased one way or another. If a flip-flop doesn't have a 50:50 chance of settling on one or the other (something that seems more likely than not) then it'd be a much, much worse source for entropy than what we use now.

I really don't think we need any dangerous new entropy source, we collect plenty of entropy already, and when dealing with something as important as getting random numbers from an RNG, if it ain't broke don't fix it.

Re:Random today, but still random tomorrow? (1)

flymolo (28723) | more than 4 years ago | (#31234570)

Part of the source for this randomness is the propagation of electricity in the circuit which can be different due to manufacturing impurities. You could potentially predict it, if you had the individual chip. That's better than what we have now, by a mile.

Judging by your comment... (2, Insightful)

AtomicDevice (926814) | more than 4 years ago | (#31233934)

I'd say based on the fact that all your characters were lower case, and the overwhelming proportion of characters to digits, there are significantly fewer bits of entropy in your so-called random comment than you would have us believe.

Re:Judging by your comment... (1)

drewhk (1744562) | more than 4 years ago | (#31234012)

This is a truly random comment:

aaaaaaaaaaaaaa

Re:Judging by your comment... (1)

biryokumaru (822262) | more than 4 years ago | (#31234122)

Here's a question about bits of entropy:

If they can mathematically calculate how random something is, can't they just mathematically determine what would be the most random series of numbers, and just use that?

Re:Judging by your comment... (1)

blueg3 (192743) | more than 4 years ago | (#31234212)

No. Neither a number nor a sequence of numbers has, by itself, any entropy.

Re:Judging by your comment... (1)

drewhk (1744562) | more than 4 years ago | (#31234536)

It depends. In an algorithmic sense you can talk about "random" sequences. They are the ones that are incompressible. They also pass every effective test of randomness. Of course this is a different definition than "random process".

Re:Judging by your comment... (2, Insightful)

tepples (727027) | more than 4 years ago | (#31234692)

The entropy of a sequence of numbers is its Kolmogorov complexity [wikipedia.org] . It can't be calculated, but compression programs like 7-Zip give upper bounds.

Re:Judging by your comment... (1)

nacturation (646836) | more than 4 years ago | (#31234604)

If they can mathematically calculate how random something is, can't they just mathematically determine what would be the most random series of numbers, and just use that?

Then all that's needed is legislation that requires everyone desiring a random series of numbers to use the one that was pre-calculated for them. Problem solved!

Re:Judging by your comment... (1)

TheCarp (96830) | more than 4 years ago | (#31234416)

He never said what the encoding was

Re:Judging by your comment... (1)

Sir_Lewk (967686) | more than 4 years ago | (#31234648)

That however doesn't mean that it is any less random. I can make a random sequence using nothing more than 1's and 0's. Including the digit 2 would not make it any more random, it would just increase the randomness per character.

generation of random numbers (5, Funny)

Anonymous Coward | more than 4 years ago | (#31233978)

the generation of random numbers is too important to be left to chance.

Re:generation of random numbers (1)

Rakshasa Taisab (244699) | more than 4 years ago | (#31234322)

I left it to chance and look what it got me!

Why not use the ultimate random number generator? (1, Funny)

Anonymous Coward | more than 4 years ago | (#31233988)

Just pull random slashdot threads at -1 and hash that. Can't get more random than that.

Re:Why not use the ultimate random number generato (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31234078)

So your suggestion is to generate a random with a random? How do you get the random slashdot thread?

Re:Why not use the ultimate random number generato (2, Funny)

BarryJacobsen (526926) | more than 4 years ago | (#31234454)

So your suggestion is to generate a random with a random? How do you get the random slashdot thread?

From the previous random, duh!

XKCD Bait (5, Funny)

jgtg32a (1173373) | more than 4 years ago | (#31234050)

Let's play a game, what XKCD am I thinking of?

Re:XKCD Bait (1)

SilverHatHacker (1381259) | more than 4 years ago | (#31234696)

The one mentioned in the post right below yours?

obligatory xkcd (4, Funny)

fuo (941897) | more than 4 years ago | (#31234060)

always been one of my favorites... http://xkcd.org/221/ [xkcd.org]

Obligatory Dilbert (1)

plover (150551) | more than 4 years ago | (#31234206)

Re:Obligatory Dilbert (2, Funny)

Martin Blank (154261) | more than 4 years ago | (#31234510)

For those of us whose systems block the Wayback machine as an anonymizer, you might try http://dilbert.com/2001-10-25/ [dilbert.com] instead. (They started putting pretty much all of the old Dilberts online a few months ago.)

Taken to the next level: (4, Interesting)

jwietelmann (1220240) | more than 4 years ago | (#31234476)

Here [gamesbyemail.com] is a slightly-absurd-but-awesome dice rolling machine.

Hardware? (3, Insightful)

e2d2 (115622) | more than 4 years ago | (#31234084)

TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.

Re:Hardware? (3, Interesting)

eldavojohn (898314) | more than 4 years ago | (#31234382)

TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.

My guess would be custom though not completely different from everyday stuff. I was familiar with "metastability" from my college courses where it was mentioned as a classic problem in electronics [wikipedia.org] . I suppose there could be a way to harvest this data from hardware before it gets corrected. I never thought of this before but if you had a long length of optical fiber cable (longer than what it's rated for use) then you could send messages through that and collect them on the other end. I mean, we implement parity to remove these random flips of bits through transmission, couldn't we also use this to increase randomness of random numbers? I think I've read of the network guys fighting metastability [acm.org] so their incorrectly implemented hardware could probably be exploited as sources of random bits.

Re:Hardware? (0)

Anonymous Coward | more than 4 years ago | (#31234732)

I too am familiar with "metastability" from my college experience, although not from an academic level. On a group project using an FPGA, we failed to wire an input to a switch and a pull down resistor. This input was also to be used as a reset button. Our device would "randomly" result in resetting due to interference and metastability. Pretty cool stuff, just not while trying to diagnose a hardware problem in software. :-p

Re:Hardware? (1)

tippe (1136385) | more than 4 years ago | (#31234514)

or if said hardware remains random in the presence of process, voltage or temperature variations (all of which affect the operation of "regular" flip-flops). It's one thing to "harness" the randomness of a register's metastability in the lab and quite another to do the same thing in mass-produced silicon...

Uhm (0, Troll)

Anonymous Coward | more than 4 years ago | (#31234150)

20 times more random? how measurable is that?

I mean, it's either random, or not

What is "more random"? (4, Insightful)

onionman (975962) | more than 4 years ago | (#31234156)

From TFA:

The team adds that the efforts of a cracker attempting to influence the array will be wholly obvious to a simple statistical analysis as -- depending on the type of attack -- either the whole array or single elements will be disturbed, whereas these are again selected randomly. So this true random number generator can protect systems against third-party snooping, potentially making private and sensitive transactions on the Internet more secure.

Now I'm really skeptical. A cracker who is able to "influence" the array might be able to influence it with a pseudorandom number generator that he/she can predict.

I think that hardware based RNGs, such as those detecting radioactive isotope decay, have been around for a while. I'm not sure how this one can provide more security, especially if the attacker has access to the hardware. I think that most gate transition thresholds can be influenced by simple things like temperature anyway.

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

Re:What is "more random"? (1)

Em Emalb (452530) | more than 4 years ago | (#31234342)

Think of it as a trip to Wendy's to get a value meal. If you get a classic single with cheese meal, regular size is ~$5.00. If you get it "large-sized", it's approximately $6.50.

There. More food for more cost. "More random"=more cost.

(Is it really more random if the part of the generation is either a 1 or a 0? Those states are known. It's either one or the other.) /snark

Re:What is "more random"? (1, Informative)

Anonymous Coward | more than 4 years ago | (#31234474)

more random means > entropy

Re:What is "more random"? (1)

dissy (172727) | more than 4 years ago | (#31234532)

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

True random means that each item in your possibility list has equal chances of occurring.

If your possibility list is the numbers 1-10, then each number would have exactly a 10% chance of occurring, in order to be truly random.

If instead some numbers have a 10.001% chance of being chosen, and some others have a 0.999% chance of being chosen, then while the result might appear to be just as random, it is less random than the first case.

Of course anything else that adjusts the outcome and enables further prediction also makes the results less random.

Sometimes, less random is good enough, say for a video game AI. It is worth it to spend less resources generating a less random number, when that amount of randomness is good enough.
Not so much for encryption however.

Re:What is "more random"? (2, Interesting)

ticklemeozmo (595926) | more than 4 years ago | (#31234538)

What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

Nothing can ever be considered random. If it is, it's just in a state of "we just don't have a means of measuring its next value."

You can call me guessing a "number between 1 and 10" random, but that's just because you don't know my method of choosing. If you did, it wouldn't be random at all. If you knew the order of the deck of cards, and precisely each transition of the shuffle, then the next card could easily be predicted. Since you don't have that power, it's considered "random".

Same thing with network traffic, moving the mouse or memory contents; if you had a way to quickly and accurately measure all the inputs and knew its method of generation, you could very easily guess the outputs. In all these cases, "random" only means "you cannot guess the outcome with any statistical significance."

Re:What is "more random"? (5, Informative)

joggle (594025) | more than 4 years ago | (#31234560)

In Numerical Recipes for C they list several benchmarks for determining how good one random number generator is compared to another (based on various statistics measures) so it certainly is possible for one method to be more random than another. Read chapter 7 of that book for all the details you could possibly want on this subject (with references to even more information).

One way of generating a good random number in Linux is using /dev/random (which uses a hardware-based random signal as its source, I don't recall the details). However, it isn't fast enough for most applications, outputting only a few bytes per second of random information, although it can serve as a useful seed for other random number generators. Just run 'cat /dev/random > random_bytes.bin' to see its output.

I'm curious what rate random information can be generated using the method in the article. I'm presuming it's fast enough that an application could rely solely on this data without having to use it as a seed for a pseudo-random number generator. The question is how long does it take for the hardware to get to the state where its next value is unpredictable--in the case of /dev/random it's relatively long.

20 times more random? (1)

Rockoon (1252108) | more than 4 years ago | (#31234172)

20 times more random?

umm.. errr... wha?

Re:20 times more random? (0)

Anonymous Coward | more than 4 years ago | (#31234240)

I'm sure the OP meant "20 times more randomer."

Re:20 times more random? (1)

arndawg (1468629) | more than 4 years ago | (#31234262)

It means that it takes Bruce Schneier an extra 0,019 seconds to figure out how to predict the sequence.

Re:20 times more random? (4, Funny)

TheCarp (96830) | more than 4 years ago | (#31234456)

Actually Bruce only has a 50% chance of getting the answer in 0.019 seconds. Chuck Norris however just hits the researcher with a round house so hard that his grandmother spits out the answer, 100% of the time.

Re:20 times more random? (1)

tomtomtom777 (1148633) | more than 4 years ago | (#31234418)

20 times more random?

I don't get it either. First they claim it's a true random generator that generates "purely random" numbers.

Then they proceed to explain that

... The degree of randomness possible depends on the size of the array ...

Can anybody tell me how this works?

Re:20 times more random? (0)

Anonymous Coward | more than 4 years ago | (#31234516)

... The degree of randomness possible depends on the size of the array ...

Can anybody tell me how this works?

It works because throwing more money at a problem always gives better/more encouraging results.

Re:20 times more random? (0)

Anonymous Coward | more than 4 years ago | (#31234684)

How random can you get?

You want random? (0)

Anonymous Coward | more than 4 years ago | (#31234196)

i'll give you random:

HM (1)

Arimus (198136) | more than 4 years ago | (#31234210)

Would this beat methods such as leaky diodes or radio noise which some systems use to get random data?

WiFi (2, Interesting)

hey (83763) | more than 4 years ago | (#31234218)

I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

Re:WiFi (5, Funny)

DoofusOfDeath (636671) | more than 4 years ago | (#31234390)

I always thought the WiFi radio in laptops would be a good thing for generating random numbers.

Brilliant! Just assign a bit based on whether or not it works in a given Ubuntu release!

Re:WiFi (1)

Lord Ender (156273) | more than 4 years ago | (#31234502)

So when you're generating your keys, all I have to do is blast your wifi and I can pick your keys for you? Cool!

20x more random than (radioactive decay) random? (1)

smoothnorman (1670542) | more than 4 years ago | (#31234222)

One person's random is another's expectation value

meh, Schrödingers bit (0)

Anonymous Coward | more than 4 years ago | (#31234224)

Once upon a time, we used cats for such things...

Re:meh, Schrödingers bit (1)

93,000 (150453) | more than 4 years ago | (#31234412)

No kidding - life was simpler back then.

Stupid P.E.T.A.

Re:meh, Schrödingers bit (2, Funny)

Dunbal (464142) | more than 4 years ago | (#31234698)

The only problem with the cat was they have 9 lives. No wonder we always kept getting live cats when we opened the box.

NOT "true" (1)

madddddddddd (1710534) | more than 4 years ago | (#31234228)

20 times better than "not true" does not equal "true"

reproducibility (3, Insightful)

domulys (1431537) | more than 4 years ago | (#31234270)

While this new technique may improve security, it seems to lack one important property of pseudo-random numbers that is required by many applications: reproducibility.

Good luck finding the bug in your program with a stream of randoms you'll never be able to reconstruct again.

Re:reproducibility (3, Insightful)

msauve (701917) | more than 4 years ago | (#31234430)

Just record the stream the first time, and play it back for testing.

Re:reproducibility (1)

TheCarp (96830) | more than 4 years ago | (#31234562)

Well...if you need a predictable stream, then maybe you should capture a single stream, and keep feeding that into the program? Then you can feed the same sequence every time.

Certainly you are right but... with a very small amount of work (a facility for switching out the randomness source), you can work around it easily.

There are plenty of applications where a strong source of randomness is needed, and reproducibility is not needed at all.

-Steve

Physical/Metastable Functions (0)

Anonymous Coward | more than 4 years ago | (#31234292)

This is hardly new work as it has been around for years in the form of physical/metastable functions. They are "random" as a result of minute differences in the physical fabrication process combined with noise (leakage, power fluctuations, EMI, etc.). Similar approaches utilize free running ring oscillators to extract entropy from and are generally considered more reliable due to how sensitive metastability is. Either way, for today's day and age they are plenty random enough, especially if you consider them for applications where people don't have physical access to the machines, such as servers. Even if you do have access to the device, monitoring or trying to guess the operation would be very difficult. As far as the people who are asking if this is only "seemingly random", my answer is "of course". Given enough knowledge about any phenomenon you can figure out what is going to happen; as far as I know there is nothing that is truly random. However, for the most part very complex sources of entropy are good enough to be called practically truly random and more than sufficient for cryptographic applications. Remember, the big thing with this idea is that it's not based on software or a user-generated source of entropy; that's why it's considered a great deal better.

That's Cheating!! (0)

Anonymous Coward | more than 4 years ago | (#31234304)

Creating random numbers with a special hardware setup is cheating. Else any lottery machine with computer interface would also be quite a good random number device.

Maybe their special feature is the speed at which they can generate random numbers? Sounds like that can put a big memory module to that kind of state and create lots of random data at the same time.

But that's also cheating. That's just parallel application of multiple random number generators.

Maybe it's cheap at least...

Random numbers (1)

Barlo_Mung_42 (411228) | more than 4 years ago | (#31234350)

9...9...9...9...9...9

Metastable Flip flops still have bias (3, Interesting)

wiredlogic (135348) | more than 4 years ago | (#31234410)

There is no way they can prove that these flip flops don't have bias one way or the other. Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations. This makes it impossible to create a perfect Gaussian metastability function or to place a device at the apex of that function such that the probability is 50/50 of switching to 1 or 0. Hence, you will not achieve truly random results. Metastability is also affected by the power supply voltage and current. A cryptographic device employing this technique could be subject to attack by lowering or modulating the power supply in such a way as to create predictable "random" numbers. i.e. make sure all the flip-flops transition to 1 or 0.

Ratio sensitivity (3, Interesting)

overshoot (39700) | more than 4 years ago | (#31234528)

Even if you could design a perfect circuit it would be subject to the imbalances between p-type and n-type transistors and process variations.

That's one problem it won't have, since the initial condition is at the balance point of P vs. N. The bias would show up in the curvature of the gain function around the bias point. It's not a large bias, and it's likely to vary from one device to the next -- so the prudent designer would have to correct for each bit's history. Still, thermal noise is easier to work with than radioactive decay.
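The bias and the forced-to-one condition raised in the two comments above, as an added example that is not part of the thread or of the researchers' design: a von Neumann extractor removes a fixed bias from independent bits, and a repetition count health test (cutoff rule from NIST SP 800-90B) flags a source whose cells all settle the same way. The 60/40 bias, the seed and the simulated cell are assumptions constructed for the illustration.

```python
import math
import random

def von_neumann(bits):
    """Debias independent-but-biased bits: pair 10 -> 1, 01 -> 0, 00/11 dropped."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def repetition_cutoff(min_entropy_per_bit, alpha_log2=20):
    """Cutoff C = 1 + ceil(-log2(alpha) / H), the SP 800-90B repetition count rule."""
    return 1 + math.ceil(alpha_log2 / min_entropy_per_bit)

def repetition_count_ok(bits, cutoff):
    """False as soon as one value repeats `cutoff` times in a row (stuck source)."""
    run, prev = 0, None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return False
    return True

def ones_fraction(bits):
    return sum(bits) / len(bits)

def simulated_flip_flop(p_one, n, seed):
    """Constructed stand-in for a biased cell; not measurements from real hardware."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def demo():
    raw = simulated_flip_flop(p_one=0.6, n=50_000, seed=1)    # assumed 60/40 bias
    stuck = simulated_flip_flop(p_one=1.0, n=1_000, seed=1)   # every cell forced to 1
    clean = von_neumann(raw)
    cutoff = repetition_cutoff(-math.log2(0.6))  # min-entropy of a 60/40 bit
    return {
        "raw_ones": ones_fraction(raw),
        "clean_ones": ones_fraction(clean),
        "yield": len(clean) / len(raw),
        "cutoff": cutoff,
        "stuck_passes_health_test": repetition_count_ok(stuck, cutoff),
        "stuck_output_bits": len(von_neumann(stuck)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The extractor only corrects a constant bias in independent bits; it does nothing for correlation between successive samples. On the stuck source it emits no bits at all, so it is the health test, not the extractor, that reports the fault.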

Re:Metastable Flip flops still have bias (0)

Anonymous Coward | more than 4 years ago | (#31234540)

You're talking out of something, but I don't think it's your mouth.

QED (0)

Anonymous Coward | more than 4 years ago | (#31234444)

If after the "flip", the memory state is purely random, well, QED, right? You just generated a truly random integer, 0 or 1. If you need larger numbers, flip again, and use binary.

It's not just pseudo-random, it's random, right? So how is this not the end of the story for generating random numbers with a computer? (Other than perhaps increasing efficiency.)

I propose... (0)

Anonymous Coward | more than 4 years ago | (#31234500)

Actually, to tap into pure randomness they should just utilize Cuil search results instead and convert them if only to numbers.

Line-in on your soundcard... (0)

Anonymous Coward | more than 4 years ago | (#31234508)

I once used the line-in on my soundcard as an RNG. For each sample I took the LSB - seemed pretty random to me.

YOU FAIL IT! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31234574)

\same year, BSD NetBSD posts on are aatending a IMPLEMENTATION TO

The Random Number Generation... (0)

Anonymous Coward | more than 4 years ago | (#31234658)

are a bunch of slackers.

Get off my lawn.

Somebody should name a law after this phenomenon (1)

Man On Pink Corner (1089867) | more than 4 years ago | (#31234734)

Every x years, someone will find and publish a way to cure cancer... in mice.

Every y years, someone will invent and publish a way to treat phase velocity as if it were group velocity.

Every z years, someone will discover and publish a way to use metastable flip-flops to produce random numbers.
