New Method for Random Number Generation Developed
Science Daily is reporting that a German team has developed a new method of random number generation that they hope will improve security. "The German team has now developed a true random number generator that uses an extra layer of randomness by making a computer memory element, a flip-flop, twitch randomly between its two states 1 or 0. Immediately prior to the switch, the flip-flop is in a 'metastable state' where its behavior cannot be predicted. At the end of the metastable state, the contents of the memory are purely random. The researchers' experiments with an array of flip-flop units show that for small arrays the extra layer makes the random number almost twenty times more 'random' than conventional methods."
Random today, but still random tomorrow? (Score:1, Insightful)
I have to wonder about this approach, if it falls into the category of seemingly random today, because we simply don't yet know how to predict the outcome, but maybe someone in a few years' time figures out the necessary principles to predict what the outcome will be?
Still, I suppose until such a time (if it ever arrives), this is probably a lot better than currently existing approaches.
Judging by your comment... (Score:3, Insightful)
Re:Why not use the ultimate random number generato (Score:2, Insightful)
Hardware? (Score:4, Insightful)
TFA fails to state whether they used existing memory types or if they intend to use a custom piece of hardware on board.
What is "more random"? (Score:5, Insightful)
From TFA:
The team adds that the efforts of a cracker attempting to influence the array will be wholly obvious to a simple statistical analysis as -- depending on the type of attack -- either the whole array or single elements will be disturbed, whereas these are again selected randomly. So this true random number generator can protect systems against third-party snooping, potentially making private and sensitive transactions on the Internet more secure.
Now I'm really skeptical. A cracker who is able to "influence" the array might be able to influence it with a pseudorandom number generator that he/she can predict.
I think that hardware-based RNGs, such as those detecting radioactive isotope decay, have been around for a while. I'm not sure how this one can provide more security, especially if the attacker has access to the hardware. I think that most gate transition thresholds can be influenced by simple things like temperature anyway.
What exactly does "more random" mean in the summary? I think something is either random or it isn't. Perhaps this claim should just make us "more skeptical".
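One way to put a number on "more random" and on the article's "simple statistical analysis" is min-entropy per bit plus a run-length health check, both modelled on NIST SP 800-90B. This is an added example, not code from the article, the researchers or the commenter; the simulated bit sources, seeds and function names are constructed assumptions standing in for a flip-flop array.

```python
import math
import random

def mcv_min_entropy(bits):
    """Most-common-value estimate of min-entropy per bit (after NIST SP 800-90B)."""
    n = len(bits)
    ones = sum(bits)
    p_hat = max(ones, n - ones) / n
    # Upper end of a 99% confidence interval on the most likely value's probability.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)

def repetition_cutoff(claimed_entropy, alpha_exp=20):
    """Run length a healthy source reaches with probability about 2**-alpha_exp."""
    return 1 + math.ceil(alpha_exp / claimed_entropy)

def repetition_count_alarm(bits, claimed_entropy=1.0):
    """True if any run of identical bits reaches the cutoff for the claimed entropy."""
    cutoff = repetition_cutoff(claimed_entropy)
    run, prev = 0, None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return True
    return False

def simulated_source(p_one, n, seed):
    """Constructed stand-in for the hardware: independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

# Constructed samples: an unbiased source and one skewed toward 1
# (for instance by a temperature shift, as the comment above suggests).
FAIR = simulated_source(0.5, 10_000, seed=1)
SKEWED = simulated_source(0.8, 10_000, seed=2)

if __name__ == "__main__":
    for name, sample in (("fair", FAIR), ("skewed", SKEWED)):
        print(name, round(mcv_min_entropy(sample), 3), repetition_count_alarm(sample))
```

A source skewed to 80% ones still emits bits that look irregular, but each bit carries roughly a third of a bit of min-entropy, and a design that claimed one full bit per sample trips the run-length alarm.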
Re:This is a random comment. (Score:4, Insightful)
reproducibility (Score:3, Insightful)
Good luck finding the bug in your program with a stream of randoms you'll never be able to reconstruct again.
Re:Random today, but still random tomorrow? (Score:1, Insightful)
If they're tapping into the randomness of something's wave function, then nobody will ever be able to predict the outcome.
The only support for that is that nobody knows how to predict it yet. If someone does find a way then we'll just have to modify our understanding of the universe accordingly. To announce that it just won't ever be able to be done is to mistake our current scientific knowledge for revealed religious Truth.
Re:reproducibility (Score:4, Insightful)
Re:This is a random comment. (Score:5, Insightful)
You bring this up as a humor point, but it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. For example, if a 4-digit pre-generated PIN is not allowed to use certain sequence types such as sequential, all the same, paired pairs, etc., it may take a fair slice out of the available keyspace (not sure that's the right word, but it's close enough), at least enough to narrow down the ambiguity in case some hints about the PIN are known by an attacker.
It's less of a problem with longer passwords, as the maximum entropy for a given entry expands while patterns take smaller bites out of the available space, but it does reduce the possible entropy slightly.
It also reminds me of a Dilbert strip where he visits the accounting trolls, and they take him to their random number generator, which is another troll saying, "9... 9... 9... 9..." Dilbert asks if it's really random, and the first troll says, "That's the problem with randomness: you never really know."
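The keyspace effect described in the comment above can be counted directly. This is an added example, not part of the original post; the three rule definitions (all digits the same, strictly ascending or descending runs without wraparound, and doubled-digit pairs such as 1122) are assumed readings of "sequential, all the same, paired pairs".

```python
import math
from itertools import product

def is_all_same(pin):
    # e.g. 0000, 7777
    return len(set(pin)) == 1

def is_sequential(pin):
    # Every step is +1 or every step is -1, e.g. 1234 or 9876 (no wraparound).
    diffs = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return diffs == {1} or diffs == {-1}

def is_paired_pairs(pin):
    # Even-length PIN built from doubled digits, e.g. 1122 or 7700.
    return len(pin) % 2 == 0 and all(
        pin[i] == pin[i + 1] for i in range(0, len(pin), 2)
    )

RULES = (is_all_same, is_sequential, is_paired_pairs)

def keyspace(length):
    """Return (total PINs, PINs left after every rule in RULES is applied)."""
    total = 10 ** length
    allowed = sum(
        1
        for digits in product("0123456789", repeat=length)
        if not any(rule("".join(digits)) for rule in RULES)
    )
    return total, allowed

def entropy_loss_bits(length):
    """Bits of entropy lost for a uniformly chosen PIN once the rules apply."""
    total, allowed = keyspace(length)
    return math.log2(total) - math.log2(allowed)

if __name__ == "__main__":
    for n in (4, 6):
        total, allowed = keyspace(n)
        print(n, total, allowed, round(entropy_loss_bits(n), 5))
```

With these three rules a 4-digit PIN loses 114 of 10,000 values and a 6-digit PIN loses 1,010 of 1,000,000, so the loss in bits shrinks as length grows; stricter rule sets remove proportionally more.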
Re:Random today, but still random tomorrow? (Score:2, Insightful)
Re:Judging by your comment... (Score:3, Insightful)
Re:Random today, but still random tomorrow? (Score:4, Insightful)
It's random folders all the way down.
Re:XKCD Bait (Score:3, Insightful)
Is this your card? [virtualp.us]
Re:reproducibility (Score:4, Insightful)
Horses for courses. If you want reproducible, you don't want true random. If you want security, you do.
Re:This is a random comment. (Score:2, Insightful)
How about this as random?
Sr5&8w796Z6W9mVVM7HAuv43Yg8D523QwTf25646@SEKKEP3#m2t3f@2ap95295437852^5262S*qMK#b&B#^aXbxNfRQudSCz9P
Sort of looks like there are groups of character-types, but I guess it could be random.
Actually anything could be random, because by its very nature a random process can create anything, including "Sort of looks like there are groups of character-types, but I guess it could be random."
However, it's still much more likely that you intentionally wrote that sentence, than that it just happened to be generated by a random process.
Good for cryptography, bad for statistics (Score:2, Insightful)
For cryptography it's fine though.