
New Method for Random Number Generation Developed

Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."

  • by BarryJacobsen ( 526926 ) on Monday February 22, 2010 @04:00PM (#31234434) Homepage

    Question: why not simply use the random crap we all have on our PCs to generate random numbers? Say...choose 5 folders at random on a PC. You could use size limits to narrow the search..say between 500Mb and 2Gb. Then make a hash based on those five folders, something like file sizes or time stamps or a combination of the two, wouldn't that be pretty damned random?

    Now maybe I'm understanding it wrong, certainly not a crypto expert by any stretch, but surely nobody has the exact combination of downloads+pictures+music+temp+docs that I do, and that data should be able to be mixed in plenty of ways to generate random numbers, yes? And by choosing random folders based on size instead of just choosing defaults you shouldn't run into the "everyone has the same" problem like the default contents of my music or my pictures, so am I missing something?

    What you're describing sounds more like something that could be the "seed" for the random number generator - which would then still use an algorithm to generate the "random" numbers (since they're using an algorithm, they'd still just be pseudo-random).

  • by Anonymous Coward on Monday February 22, 2010 @04:02PM (#31234474)

    more random means > entropy

  • by joggle ( 594025 ) on Monday February 22, 2010 @04:06PM (#31234560) Homepage Journal

    In Numerical Recipes for C they list several benchmarks for determining how good one random number generator is compared to another (based on various statistical measures) so it certainly is possible for one method to be more random than another. Read chapter 7 of that book for all the details you could possibly want on this subject (with references to even more information).

    One way of generating a good random number in Linux is using /dev/random (which uses a hardware-based random signal as its source, I don't recall the details). However, it isn't fast enough for most applications, outputting only a few bytes per second of random information, although it can serve as a useful seed for other random number generators. Just run 'cat /dev/random > random_bytes.bin' to see its output.

    I'm curious what rate random information can be generated using the method in the article. I'm presuming it's fast enough that an application could rely solely on this data without having to use it as a seed for a pseudo-random number generator. The question is how long does it take for the hardware to get to the state where its next value is unpredictable--in the case of /dev/random it's relatively long.

  • Re:Uhm (Score:4, Informative)

    by JesseL ( 107722 ) on Monday February 22, 2010 @04:10PM (#31234646) Homepage Journal
  • Link to actual paper (Score:3, Informative)

    by scovetta ( 632629 ) on Monday February 22, 2010 @04:15PM (#31234744) Homepage
  • by Bruce Perens ( 3872 ) * <bruce@perens.com> on Monday February 22, 2010 @04:20PM (#31234828) Homepage Journal
    You seem to be missing quantum mechanics. The noise from a noise diode, a good way of getting real randomness, is a quantum phenomenon and you can only explain it with statistics. There is a probability that any little bit of the junction will avalanche within a certain time, but there is no way for you to say when.
  • by Frequency Domain ( 601421 ) on Monday February 22, 2010 @04:20PM (#31234838)

    What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".

    True random means that each item in your possibility list has equal chances of occurring.

    No, true random means the outcome cannot be predicted with certainty. What you're describing is one particular type of randomness known as the "uniform distribution". Gaussian or binomial random variables, for example, don't have equal likelihood for the outcomes but are still truly random.

  • by ircmaxell ( 1117387 ) on Monday February 22, 2010 @04:39PM (#31235214) Homepage
    What bothers me is the quote:

    At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods

    If it's "purely" random (as they put it), then how can you measure the difference between it and a "conventional" method? Wouldn't comparing a pseudo random source to "true" randomness be like comparing a finite number to infinity? In that you "know" it's more random, but it's impossible to quantify with a finite value (the twenty times qualifier)?

  • by ooooli ( 1496283 ) on Monday February 22, 2010 @04:47PM (#31235364)

    You're confusing Shannon entropy and true randomness. If you have a string of bits that are created by a process that is truly random but has a bias, it's easy to transform it into an unbiased (but shorter) string.

    The problem with pseudo-random generators is that they're really not random at all: They're deterministic functions that map a seed onto a sequence of random bits. If you know the function and the seed, you can predict all of it, which leads to potential vulnerabilities. The point of truly random numbers is that there's no possible information you could have that would enable you to predict it.
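An added example, not part of any comment in this thread: it ties together the statistical benchmarks mentioned above and the point about deterministic generators by showing that a PRNG's output can pass randomness tests while being fully recomputable from its seed. The two tests follow the frequency and runs tests of NIST SP 800-22 (a choice made here, not taken from Numerical Recipes); the seed and lengths are constructed sample values.

```python
import math
import random

def prng_bits(seed, n):
    """n bits from Python's Mersenne Twister, a deterministic PRNG."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def monobit_p(bits):
    """Frequency test (NIST SP 800-22 style): are 0s and 1s balanced?"""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """Runs test (NIST SP 800-22 style): do 0/1 switches occur at the expected rate?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # fails the frequency precondition, so the runs test fails too
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))
    num = abs(v - 2 * n * pi * (1 - pi))
    return math.erfc(num / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def predict_next(seed, seen, k):
    """With the algorithm and seed known, the next k bits are simply recomputed."""
    return prng_bits(seed, seen + k)[seen:]

def demo(seed=2010, n=20000, k=64):  # seed, n and k are constructed sample values
    app = random.Random(seed)        # the application's generator
    observed = [app.getrandbits(1) for _ in range(n)]
    future = [app.getrandbits(1) for _ in range(k)]  # bits not yet emitted
    return {
        "monobit_p": monobit_p(observed),   # p >= 0.01 is the usual pass mark
        "runs_p": runs_p(observed),
        "predicted_ok": predict_next(seed, n, k) == future,
    }

if __name__ == "__main__":
    print(demo())
```

Passing such tests says the output looks balanced; it says nothing about whether someone holding the seed can reproduce it, which is why key material should come from the operating system's generator rather than a seeded PRNG.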

  • by BlaisePascal ( 50039 ) on Monday February 22, 2010 @04:49PM (#31235414)

    /dev/random is slow because it maintains an entropy pool filled by sources of randomness in the hardware -- things like mouse movements, keystroke timings, disk timings, etc. If reading from /dev/random drains the pool faster than it's filled, then /dev/random blocks until there is enough entropy. /dev/urandom uses the same techniques (same pool, even), but it doesn't block when the pool is drained of entropy. Theoretically this means that there could be enough information in the output of /dev/urandom to predict the next output, but I don't think the theory has been put into practice.

    A hardware RNG could easily be configured as another source of randomness added to the pool.

  • by Alef ( 605149 ) on Monday February 22, 2010 @04:55PM (#31235506)
    Hardware random number generators are often biased, and there are well known ways to deal with that. (See for example Wikipedia [wikipedia.org].)
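An added example, not part of any comment in this thread: one well-known way to turn a biased but truly random bit string into an unbiased, shorter one is von Neumann's pairing method, chosen here as the illustration (the comments above do not name a specific technique). The biased source is simulated with a seeded PRNG purely so the demonstration is repeatable; the bias, length and seed are constructed values.

```python
import random

def biased_source(n, p_one, seed):
    """Constructed stand-in for a biased hardware source:
    independent bits with constant P(1) = p_one (both are assumptions)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def von_neumann(bits):
    """Take non-overlapping pairs: 01 -> 0, 10 -> 1, discard 00 and 11.
    P(01) == P(10) == p*(1-p), so the kept bit is unbiased for any p."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def ones_fraction(bits):
    """Fraction of 1 bits; NaN for an empty list."""
    return sum(bits) / len(bits) if bits else float("nan")

def expected_yield(p_one):
    """Expected output bits per input bit: n/2 pairs, each kept with 2p(1-p)."""
    return p_one * (1 - p_one)

def compare(p_one=0.8, n=200_000, seed=1):
    """Measure bias before and after extraction, and how much data survives."""
    raw = biased_source(n, p_one, seed)
    out = von_neumann(raw)
    return {
        "raw_ones": ones_fraction(raw),
        "out_ones": ones_fraction(out),
        "yield": len(out) / len(raw),
        "expected_yield": expected_yield(p_one),
    }

if __name__ == "__main__":
    for p in (0.5, 0.8, 0.95):
        print(p, compare(p_one=p))
```

The guarantee holds only if the input bits are independent with a constant bias; a source whose bits are correlated or whose bias drifts needs a stronger conditioner, and the yield drops sharply as the bias grows.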
  • by veg_all ( 22581 ) on Monday February 22, 2010 @05:23PM (#31236104)

    Radiolab, yes. Episode called Stochasticity [wnyc.org].

  • by blueg3 ( 192743 ) on Monday February 22, 2010 @05:30PM (#31236222)

    Bell disagrees, and is backed up by empirical measurement.

  • by chrism238 ( 657741 ) on Monday February 22, 2010 @06:06PM (#31236968)
    While this has been rated as Funny, it would have been respectful to acknowledge the source: http://codequotes.com/2006/08/14/coveyou-random-numbers [codequotes.com]
  • by harlows_monkeys ( 106428 ) on Monday February 22, 2010 @06:08PM (#31236996) Homepage
    Unless you are Robert R. Coveyou, you should have attributed that.
