Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Encryption: Generating true randomness with your computer - how? 1

Status
Not open for further replies.
chrismi

chrismi

Programmer
Jun 3, 2001
7
0
0
US
I would like to know if there exists a password generator which creates truly random passwords (in the scientific sense of the word "random"), and if there is a way to program a computer to create such randomness without external measuring equipment.

My understanding is that many encryption theories only work up to their highest potential if true randomness is guaranteed. Hence, as most computer random() algorithms are only pseudo-random, then any password or key generated by a such a non-random algorithm would reduce an encryption algorithm's effectiveness -- potentially down to zero.

I have read that there are few ways to create truly random strings of data -- measuring solar flares and cosmic radiation were some of the ways mentioned. One way which involves a computer is to measure the hard drive's rotation speed accurately -- supposedly the drive varies in its speed due to such interference as wind, friction, etc.

Q1) How to write a program that measures this?
Q2) Are there other ways to achieve randomness automatically?
Q3) Do any password generators exist which use truly random numbers?

Thanks.
 
Sort by date Sort by votes
PGP monitors your mouse movements and keyboard typing rate to generate a list of random events. Probably not perfect, but pretty good.

I recall seeing a link somewhere that talked about a $10 circuit that used the noise from a PNP transistor to generate random numbers, but it had a weakness -- it tended to pick up the 60 or 50Hz hum from all the wiring in the typical home and office, which skewed the numbers it produced. I think it was on the PGP International website (
Chip H.
 
Upvote 0 Downvote
Hmmm...
There have been great papers written on "computer generated randomness" and they all boiled down to..
"A computer cannot do *anything* random"

Now they *can* attempt to be very nearly random and nearly unpredictable... but from a mathmatics POV, a computer is not a random device, nor can it produce "true randomness"

Check on for crypto/security info and links to others..

-john
 
Upvote 0 Downvote
For mid-high level randomness (on unix boxes) use an unconnected /dev/audio as input (may wish to/need to offset any skew in the distribution by (for example) compressing the output).

To improve randomness (or perhaps more importantly improve unpredictability and reduce skew) take several random streams and XOR them together.
 
Upvote 0 Downvote
Thanks, Callum,

Those are both good suggestions. What do I do on a Windows box, however, and how do I achieve high-level randomness? Thanks for any input.

Chris
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

stanlyn
  • Question
Uncoupled Disk Encryption
Replies
0
Views
173
stanlyn
stanlyn
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
146
Sameer258
Sameer258
ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
52
ISDPCMAN
ISDPCMAN
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
71
hairlessupportmonkey
hairlessupportmonkey
Jimbo2015
  • Locked
  • Question
Avaya - Watch guard issue with keep alives
Replies
1
Views
55
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top