random number generatorComputers generate a random number for everything from cryptography to video games and gambling. There are two categories of random numbers — “true” random numbers and pseudorandom numbers. And the difference is important for the security of encryption systems. In this article, we are gonna talk about how we use the computer as a random number generator. Let’s begin!
This topic has become more controversial recently, Along with many people questioning whether Intel’s built-in hardware random number generator chip is trustworthy or not. To understand why it might not be trustworthy, you will have to understand. That how random numbers are generated in the first place, and what they are used for.
What Random Numbers Are Used For | random number generator
Random numbers have been used for many thousands of years. Whether it is flipping a coin or rolling a dice, the goal is to leave the end result up to random chance. The random number generator in a computer is similar. They are an attempt to achieve an unpredictable, random result.
Random number generators are very useful for many different purposes. Aside from obvious applications like generating random numbers for the purposes of gambling or creating unpredictable results in a computer game, randomness is really important for cryptography.
Cryptography requires numbers that attackers cannot guess. We cannot just use the same numbers over and over. We want to generate these numbers in a very unpredictable way so attackers cannot guess them. These random numbers are important for secure encryption. whether you are encrypting your own files or just using an HTTPS site on the Internet.
True Random Numbers | random number generator
You may be wondering how a computer can actually generate a random number. Where does this “randomness” come from? If it is just a piece of computer code, is not it possible the numbers the computer generates could be predictable?
We generally group the computers of the random number generate into two types. That depends on how they are generated: “True” random numbers and pseudo-random numbers.
To generate a “true” random number, the computer measures some type of physical phenomenon that takes place outside of the computer. Such as, the computer could measure the radioactive decay of an atom. According to quantum theory, there is no way to know for sure when radioactive decay will occur. So this is essentially “pure randomness” from the universe. An attacker would not be able to predict when radioactive decay would occur. So they would not know the random value.
For a more day-to-day example, the computer could rely on atmospheric noise or simply use the exact time you press keys on your keyboard as a source of unpredictable data or entropy. Such as, your computer might notice that you pressed a key at exactly 0.23423523 seconds after 2 p.m. Grab enough of the specific times associated with these key presses and you will have a source of entropy you can use to generate a “true” random number. You are not a predictable machine. So an attacker cannot guess the precise moment when you press these keys. The /dev/random device on Linux, that generates random numbers, “blocks” and does not return a result until it gathers enough entropy to return a truly random number.
Pseudorandom Numbers | random number generator
Pseudorandom numbers are an alternative to “true” random numbers. A computer could use a seed value and an algorithm to generate numbers that appear to be random, but that is in fact predictable. The computer does not gather any random data from the environment.
This is not necessarily a bad thing in every situation. Like, if you are playing a video game. It does not really matter whether the events that occur in that game are caused by “true” random numbers or pseudorandom numbers. On the other hand. If you are using encryption, you do not want to use pseudorandom numbers that an attacker could guess.
Such as, let’s say an attacker knows the algorithm and seed value a pseudorandom number generator uses. And let us say an encryption algorithm gets a pseudorandom number from this algorithm. And uses it to generate an encryption key without adding any additional randomness. If an attacker knows enough, they could work backward and determine the pseudorandom number. The encryption algorithm must have chosen in that case, breaking the encryption.
The NSA and Intel’s Hardware Random Number Generator
To make things easier for developers and help generate secure random numbers. Intel chips include a hardware-based random number generator known as RdRand. This chip uses an entropy source on the processor and gives random numbers to software when the software requests them.
The problem here is that the random number generator is essentially a black box and we do not know what is going on inside it. If RdRand contained an NSA backdoor, the government would be able to break encryption keys. That was generated with only data supplied by that random number generator.
This is a serious concern. In December 2013, FreeBSD’s developers removed support for using RdRand directly as a source of randomness, saying they could not trust it. [Source] The output of the RdRand device would be fed into another algorithm that adds additional entropy. That ensures that any backdoors in the random number generator would not matter. Linux already worked in this way, further randomizing the random data coming from RdRand so that it would not be predictable even if there was a backdoor. [Source] In a recent AMA (“Ask Me Anything”) on Reddit, Intel CEO Brian Krzanich did not answer questions about these concerns. [Source]
Of course, this likely is not just a problem with Intel chips. FreeBSD’s developers called out Via’s chips by name, too. This controversy shows why generating random numbers that are truly random and are not predictable is so important.
To generate “true” random numbers, random number generators gather “entropy,” or seemingly random data from the physical world around them. For random numbers that do not really need to be random, they may just use an algorithm and a seed value.
Alright, That was All Folks! I hope you like this random number generator article and find it helpful to you. Give us your feedback on it. Also if you want to ask further queries related to it. Then let us know in the comments section below. We will get back to you shortly.
Have a Great Day!
Also See: NSFW: Meaning and How it Actually Works