So this is a modern version of random.org?
Seems cool, but it seems a bit odd to rely on a 3rd party service to introduce randomness into your project
Like some kind of space-age Bingo hall caller, a cloud-based API that publicly streams random numbers arrives today, and is being touted by Cloudflare. The web-distribution giant is enlisting the help of four other organizations and a handful of researchers to create what it calls the League of Entropy, a project aimed at …
Well, there have been a number of public sources for random numbers throughout the years. However, if you are using any number of hardware random number sources that convert entropy to a digital stream, then of course this is superfluous.
There are random numbers from various noise sources, random numbers from audio and video static, random numbers from fish bowls and Lava Lamps, and of course preschoolers are (un)amazingly random.
Especially since the random numbers are public, so anyone wanting to break your code just has to store those numbers & they have a starting point for decryption.
Hence: This is where it should be noted that the public system will not be recommended in any way, shape, or form for use with cryptographic or security-sensitive tools or applications, for obvious reasons.
Indeed. I hadn't even reached the third paragraph before wondering "shirley, you're not using that for crypto?", then I went "phew, oh that's OK then" - before my mind again flew off towards "some idiot is going to use it for crypto in some big org for critical data, I just know it".
I remember trying to explain to my tutor(!) during my Master's in the supposedly Advanced Cryptography unit about crypto-safe RNGs. He didn't get it. This was a PhD student!
Obligatory XKCD: https://xkcd.com/221/
and Dilbert: https://dilbert.com/strip/2001-10-25
I wonder if someone will come up with an algorithm to use today's official 512-bit random number to predict today's winning lottery numbers...
It certainly is true that one shouldn't use, for example, RAND's "One million random numbers with 100,000 normal deviates" as a cipher key, and this is sort of the same thing. But some people might make that mistake, and does that mean this site is a menace that should be shut down?
But there is a valid use for it. Say if you want to randomly choose parameters for, say, an experiment in testing the effect of a fertilizer by applying it to random plots of land.
And for crypto - say if you generate your own random numbers securely with dice, but those dice might produce numbers that are slightly biased - using an operation like XOR to mix in some high-quality random numbers, even if they're not secure, could be helpful if done right. RAND's book, the digits of pi, or these numbers could serve for that.
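The mixing idea in the post above, as an added example (not the poster's code): constructed "loaded dice" stand in for the secret, locally generated source, and a seeded PRNG stands in for the public beacon, so anyone can reproduce it. XOR with an independent uniform value flattens the skew of the dice, but someone who stored the public stream can strip it off again, which is why the beacon adds no secrecy and the min-entropy that counts is that of the dice alone. All names and the seeds are assumptions made for the demo.

```python
import random
from collections import Counter
from math import log2


def biased_dice_roll(rng):
    """Constructed 'loaded dice': a 3-bit value where 0 comes up half the
    time and 1..7 share the rest. This plays the secret, local input."""
    if rng.random() < 0.5:
        return 0
    return rng.randrange(1, 8)


def public_stream(n, seed=2019):
    """Stand-in for a public beacon: a seeded PRNG, so anyone who knows the
    seed (here: everyone) reproduces every value. Constructed, not real beacon output."""
    pub = random.Random(seed)
    return [pub.randrange(8) for _ in range(n)]


def xor_mix(secret_values, public_values):
    """Combine the two sources bit-wise. XOR with an independent uniform value
    gives a uniform value, so the skew of the dice disappears from the output."""
    return [s ^ p for s, p in zip(secret_values, public_values)]


def min_entropy_bits(samples):
    """Empirical min-entropy: -log2 of the most frequent symbol's probability.
    This, not Shannon entropy, is what bounds a guessing attack."""
    counts = Counter(samples)
    return -log2(max(counts.values()) / len(samples))


def strip_public(mixed, public_values):
    """What anyone holding the public stream can do: undo the mix and get the
    dice values back, so the beacon contributed no secrecy at all."""
    return [m ^ p for m, p in zip(mixed, public_values)]


def run_experiment(n=20000, dice_seed=1):
    # The dice are seeded only so the demo is repeatable; a real secret source
    # would be physical dice or the OS CSPRNG (the secrets module), never a seed.
    dice_rng = random.Random(dice_seed)
    dice = [biased_dice_roll(dice_rng) for _ in range(n)]
    pub = public_stream(n)
    mixed = xor_mix(dice, pub)
    return {
        "dice_min_entropy": min_entropy_bits(dice),      # about 1 bit per roll
        "mixed_min_entropy": min_entropy_bits(mixed),    # close to the full 3 bits
        "recovered_equals_dice": strip_public(mixed, pub) == dice,
    }


if __name__ == "__main__":
    r = run_experiment()
    print(f"dice alone: {r['dice_min_entropy']:.2f} bits/roll (max 3)")
    print(f"after XOR:  {r['mixed_min_entropy']:.2f} bits/roll")
    print("public stream stripped off, dice recovered:", r["recovered_equals_dice"])
```

The design point: the mixed output passes a uniformity check, yet its unpredictability to someone who has the public stream is exactly that of the dice. Mixing public randomness in is harmless if the sources are independent, but it is the secret source that has to carry the entropy.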
Nobody's arguing that it should be shut down. That'd be crazy. However, this site falls into a valley where on-device random number generation is insufficient and where this site would introduce security problems. There are probably a few places that need that degree of entropy, but many of them may have gotten a temperature, static (cosmic radiation), or even human-fed (times of typing or something like that) source. By all means use it if it's needed, but I doubt that people will be rushing out to do so en masse.
Yeah, because the people who run the lotteries don't already do that.
Lucky Dip anyone? From the people who run a website basically premised on the idea that they generate sufficiently random numbers to use on / allocate you a scratchcard from a pool of available ones?
Surely people will use those bits to base their secret keys on. I mean considering that there are incredibly cheap sources of random noise in virtually every computer (particularly in embedded devices which typically have good true random generators) only complete idiots would choose to get some "random" data everybody else can see, too.
https://github.com/id-Software/DOOM/blob/master/linuxdoom-1.10/m_random.c
Seems strange. Both "PRNGs" (_very_ "pseudo"!) just loop through a table of 256 values. The values are not evenly distributed. For example, 249 and 239 appear three times each; 245, 243, and 234 don't come up at all. It's about as non-random as a PRNG can get while still sort of looking like a PRNG. Were Donald Knuth dead, he'd be spinning in his grave.
But for the purpose at hand of making a game _look_ random, it's actually Just Fine. It's a small, fast PRNG from an era when computational grunt was lacking. They probably could have cut the table size to 64 bytes and replaced "&0xff" with "&0x3f", saving 192 then-precious bytes of RAM, and still had the game "look" random.
A while back, inspired by LavaRand, I put some D20s, D12s, and other random dice into a plastic jar and stuck it on the end of a slow (maybe one turn every second) motor, and pointed a Webcam at it. Predicting the resulting images would be equivalent to predicting how dice would land; I felt confident that any adversary capable of doing that would clean up at a casino and leave me alone.
Any pseudo-random generator will have a finite cycle and will repeat. Best it can do is to have each value appear an equal number of times. You're right that this is a tip-off that the numbers are not truly random (not something you'll notice with a "modern" PRNG with a cycle length of 2^64 or 2^128 or even 2^19963). But having some numbers appear 3/256 of the time and some not at all is a still bigger tip-off.
But you can do worse, and many of us probably have. Knuth, as I recall, described an early effort he made in his mis-spent youth which generated somewhat random-looking numbers for a while, and then got stuck in an endless cycle of three numbers. Hence his conclusion that "random numbers should not be generated by a method selected at random".
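The two tell-tales discussed in the DOOM posts above, a skewed value table and a short cycle, as an added example (not from the DOOM source or from any poster). The 256-entry table is constructed here rather than copied from m_random.c: a permutation of 0..255 with every 16th slot overwritten by its neighbour, so 16 values repeat and 16 never appear. The generator walks it the way M_Random does (bump an 8-bit index, return the entry), so its state is one byte and its period can never exceed 256. Brent's cycle finding is then run on that state function and on two tiny LCGs, one full-period and one that collapses to a fixed point. Class and function names are assumptions for the demo.

```python
from collections import Counter


def make_skewed_table(size=256):
    """Constructed stand-in for DOOM's rndtable (the real bytes are in
    m_random.c and are not reproduced). 37 is odd, so i*37+11 mod 256 is a
    permutation; overwriting every 16th slot then makes 16 values appear twice
    and 16 values vanish, the kind of skew noted above."""
    table = [(i * 37 + 11) % size for i in range(size)]
    for i in range(0, size, 16):
        table[i] = table[(i + 1) % size]
    return table


class TablePRNG:
    """Same shape as M_Random: advance an 8-bit index, return the table entry.
    The entire state is the index, so the period is at most 256."""

    def __init__(self, table):
        self.table = table
        self.index = 0

    @staticmethod
    def step_state(index):
        return (index + 1) & 0xff

    def next(self):
        self.index = self.step_state(self.index)
        return self.table[self.index]


def lcg_step(a, c, m):
    """State-transition function of a linear congruential generator."""
    return lambda x: (a * x + c) % m


def period_brent(f, x0):
    """Brent's cycle finding on state function f from start state x0.
    Returns (lam, mu): lam = cycle length, mu = steps taken before entering it."""
    power = lam = 1
    tortoise, hare = x0, f(x0)
    while tortoise != hare:
        if power == lam:          # teleport the tortoise at each power of two
            tortoise = hare
            power *= 2
            lam = 0
        hare = f(hare)
        lam += 1
    tortoise = hare = x0
    for _ in range(lam):
        hare = f(hare)
    mu = 0
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(hare)
        mu += 1
    return lam, mu


def value_skew(table, size=256):
    """Distance from 'every value exactly once': missing values and repeated ones."""
    counts = Counter(table)
    missing = [v for v in range(size) if counts[v] == 0]
    repeated = {v: k for v, k in counts.items() if k > 1}
    return missing, repeated


def report():
    table = make_skewed_table()
    missing, repeated = value_skew(table)
    return {
        "missing_values": len(missing),
        "repeated_values": len(repeated),
        "table_period": period_brent(TablePRNG.step_state, 0),   # (256, 0)
        "good_lcg": period_brent(lcg_step(5, 3, 16), 0),         # full period: (16, 0)
        "bad_lcg": period_brent(lcg_step(6, 0, 16), 1),          # 1,6,4,8,0,0,...: (1, 4)
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The a=5, c=3, m=16 generator meets the Hull-Dobell conditions (c coprime to m, a-1 divisible by every prime factor of m and by 4), which is why it visits all 16 states; a=6, c=0 fails them and gets stuck at 0 after four steps, the "endless cycle" failure Knuth warned about. Brent's method finds both the cycle length and the lead-in without storing the sequence, so the same check works on generators with far more state than one byte.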
Clearly they were either so pressed for every single instruction, or someone couldn't be bothered to read Numerical Recipes and code up even a basic one.
This from the same brains that later used a wonderful mathematical optimisation (https://en.wikipedia.org/wiki/Fast_inverse_square_root) when they had buckets more processor power to use.
Indeed.
Cloudflare complains and wants me to enable JavaScript when I try to view the Reg over the TOR browser.
Also, it would be nice if NetFlix and YouTube would use this random entropy instead of suggesting videos I've already watched.
Yes, I've had times where Cloudflare has effectively blocked my access to El Reg.
One other time, a simple edit to a post containing a few links presumably got flagged as spam, and it kept hitting me with the craptcha thing, with yellow buses and american fire hydrants, and so on.
Additionally, when you say "boxes containing traffic lights", do you mean just the lights? the housing? the poles?
I gave up after 3 failed attempts.
It's not happened often, to be fair, but it's still annoying when it does.
http://pixelmemory.us/~mcmurtri/Primes.jsp?from=56&to=200
Perfect for when you need to scramble some bits with a prime number you've pulled out of your SaaS. It's an ancient page and bots have crawled it up to the 2000168719th prime number, which seems to be 47059986679 (if the code works).
Since I've got the primes, I might as well do LCMaaS.
http://pixelmemory.us/~mcmurtri/LCM.jsp
Any other silly self-hosted services out there?
I assume, and the article strongly implies in its summing-up, that this will be used by some folks developing and testing systems that will require random, not PRNG, data. Well, that's fine. It seems we're all agreed that as a source for serious crypto¹ it is an absolute non-starter. Even a "private" stream couldn't guarantee either that the data remained unique to its users or that a MiM attack couldn't eavesdrop on it.
And anyway, if you want real randoms for serious crypto, aren't you using at least a dongle, with some combination of Johnson noise, and/or a radioactive source, probably also with a "twitch your mouse like you're having a fit for 30 seconds" session to generate wildly random values? (Or even, whisper it, a cheap little antenna stuck out the window that feeds on RF, cosmic rays etc?)
(Some folks with very long planning horizons, spooked by quantum computing—and possibly exaggerated visions of what's in the basement at Ft Meade—have already devoted considerable energy to punching out self-destructing one-time pads, and may be single-handedly keeping the world's airlines in profit as a legion of grumpy Borises flit about with thumb drives up their asses. They are generating quadruply-seeded random streams by the terabyte.)
.
¹ "Serious crypto", as in "major consequences".
For those lucky enough to use Linux, there's always /dev/random for information theoretic secure random numbers. That will get you 10's of kbits/hr simply using your machine, and 20's of kbits/hr using PornHub. And there's /dev/urandom for infinite amounts of cryptographically secure numbers. We need education, not a lava lamp service...