

Cryptography requires numbers that attackers can’t guess. We can’t just use the same numbers over and over. We want to generate these numbers in a very unpredictable way so attackers can’t guess them. These random numbers are essential for secure encryption, whether you’re encrypting your own files or just using an HTTPS website on the Internet.

You may be wondering how a computer can actually generate a random number. If it’s just a piece of computer code, isn’t it possible the numbers the computer generates could be predictable? We generally group the random numbers computers generate into two types, depending on how they’re generated: “True” random numbers and pseudo-random numbers.

To generate a “true” random number, the computer measures some type of physical phenomenon that takes place outside of the computer. For example, the computer could measure the radioactive decay of an atom. According to quantum theory, there’s no way to know for sure when radioactive decay will occur, so this is essentially “pure randomness” from the universe. An attacker wouldn’t be able to predict when radioactive decay would occur, so they wouldn’t know the random value.

For a more day-to-day example, the computer could rely on atmospheric noise or simply use the exact time you press keys on your keyboard as a source of unpredictable data, or entropy. For example, your computer might notice that you pressed a key at exactly 0.23423523 seconds after 2 p.m. Grab enough of the specific times associated with these key presses and you’ll have a source of entropy you can use to generate a “true” random number. You’re not a predictable machine, so an attacker can’t guess the precise moment when you press these keys. The /dev/random device on Linux, which generates random numbers, “blocks” and doesn’t return a result until it gathers enough entropy to return a truly random number.

Pseudorandom numbers are an alternative to “true” random numbers. A computer could use a seed value and an algorithm to generate numbers that appear to be random, but that are in fact predictable. The computer doesn’t gather any random data from the environment.

This isn’t necessarily a bad thing in every situation. For example, if you’re playing a video game, it doesn’t really matter whether the events that occur in that game are caused by “true” random numbers or pseudorandom numbers. On the other hand, if you’re using encryption, you don’t want to use pseudorandom numbers that an attacker could guess.

For example, let’s say an attacker knows the algorithm and seed value a pseudorandom number generator uses. And let’s say an encryption algorithm gets a pseudorandom number from this algorithm and uses it to generate an encryption key without adding any additional randomness.
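The seeded-generator scenario described on this page, as an added example that is not code from the original article: Python's `random.Random` stands in for the predictable generator and the `secrets` module for an entropy-backed source. The function names, key size and seed value are assumptions made for illustration.

```python
import random
import secrets

KEY_BYTES = 16  # 128-bit key; the size is an assumption for this example


def key_from_seeded_prng(seed: int) -> bytes:
    """Weak form: the key depends only on the seed, with no added randomness."""
    prng = random.Random(seed)  # deterministic Mersenne Twister
    return prng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def key_from_os_csprng() -> bytes:
    """Hardened form: the key comes from the operating system's entropy-backed generator."""
    return secrets.token_bytes(KEY_BYTES)


def is_reproducible(keygen, *args) -> bool:
    """Audit check: does a second, independent run produce the same key?"""
    return keygen(*args) == keygen(*args)


def audit() -> dict:
    seed = 20240101  # constructed sample seed
    issued = key_from_seeded_prng(seed)
    # Anyone who knows the algorithm and the seed computes the same bytes.
    rebuilt = key_from_seeded_prng(seed)
    return {
        "seeded_key_rebuilt_from_seed": issued == rebuilt,
        "seeded_keygen_reproducible": is_reproducible(key_from_seeded_prng, seed),
        "os_keygen_reproducible": is_reproducible(key_from_os_csprng),
    }


if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

A key generator that passes `is_reproducible` is adding no entropy of its own, which is the condition the page warns about for encryption keys.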
