Random Number Generation


Why is it that true random number generation is virtually impossible for current computers to achieve? I build and fix computer hardware as part of my living, but I still don’t understand this. Please explain?


10 Answers

Anonymous

It’s certainly not “virtually impossible”. Most computers have a number of devices that generate essentially random data, such as mice, keyboards, and temperature sensors, and many operating systems have a program that collects this data and uses it to generate “true” random numbers. For example this is what /dev/random generally does on unix-like operating systems. You can also get peripheral devices that use physical processes such as radioactive decay to generate “true” random numbers, and there are even web services that allow you to download “true” random numbers produced by somebody else. However, these options have several big downsides:

* they are extremely slow compared to typical pseudo-random number generators (PRNGs), so aren’t suitable if you need a large number of random values

* because the way these systems operate is quite complicated and unpredictable, it can be quite hard to ensure that they really do what they’re supposed to – in contrast, we know exactly how PRNGs such as Mersenne Twister behave, and we can be sure that their output consistently satisfies a battery of tests demonstrating that they are random “enough” for many purposes

* “true” random number generators can be affected by subtle hardware failures, for example if a temperature sensor stops working it might degrade the quality of output from /dev/random and you might not even notice

What people often do with scientific simulations is use a PRNG like Mersenne Twister, and use a “true” random source such as /dev/random or the current time to seed it (set its initial value) so it doesn’t produce exactly the same sequence of random numbers every single time.

If you need random numbers for cryptographic purposes such as generating random passwords, that approach isn’t good enough. Instead you need to use a specially designed CSPRNG (cryptographically secure pseudo-random number generator) such as Blum Blum Shub – these are slower than normal PRNGs but make it very difficult for someone who has seen several outputs to predict what the next one will be. And you need to be careful how you seed it – using the current time isn’t good enough, because people may be able to infer what time the program was run.
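The two seeding patterns the answer above contrasts, shown as an added Python example (not part of the original answer). Python's `random` module is a Mersenne Twister, so it plays the role of the simulation PRNG; `os.urandom` and `secrets` read the operating system's entropy pool and stand in for the "true" source and the CSPRNG. The timestamp, the one-hour search window and the six leaked characters are constructed assumptions for the demonstration:

```python
import os
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def time_seeded_password(seed_time, length=12):
    """The weak pattern: Mersenne Twister (Python's random) seeded with
    the second at which the program ran, then used to pick a password."""
    rng = random.Random(int(seed_time))
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def recover_password(observed_prefix, approx_time, window=3600, length=12):
    """Attacker's side: knows the first few characters of the password
    (constructed assumption: leaked via a log) and roughly when it was
    generated. Replays the generator for every second in +/- window and
    returns (seed, full password), or None if no seed reproduces the prefix."""
    lo, hi = int(approx_time) - window, int(approx_time) + window
    for t in range(lo, hi + 1):
        candidate = time_seeded_password(t, length)
        if candidate.startswith(observed_prefix):
            return t, candidate
    return None


def simulation_rng():
    """Simulation pattern: seed Mersenne Twister once from the kernel's
    entropy pool (os.urandom, the same source behind /dev/urandom) and
    return the seed so the run can be reproduced exactly later."""
    seed = int.from_bytes(os.urandom(8), "big")
    return seed, random.Random(seed)


def first_draws(seed, n=3):
    """Replay a simulation run from its saved seed."""
    rng = random.Random(seed)
    return [rng.random() for _ in range(n)]


def strong_password(length=12):
    """Cryptographic pattern: every character comes from the OS CSPRNG
    via secrets, so there is no small seed space for an attacker to search."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed "time the victim's program ran"
    leaked = time_seeded_password(t0)
    print("victim generated:      ", leaked)
    # attacker only knows leaked[:6] and that it happened within an hour of t0+1200
    print("attacker recovers:     ", recover_password(leaked[:6], t0 + 1200))
    print("same attack on secrets:", recover_password(strong_password()[:6], t0))
    seed, rng = simulation_rng()
    print("simulation seed", seed, "replays to", first_draws(seed) == [rng.random() for _ in range(3)])
```

The search over 7,201 candidate seeds finishes in well under a second, which is the whole point: a timestamp seed has a few thousand plausible values once the attacker knows the day, while the `secrets` password has no seed to recover and the same search returns `None`.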
