Understanding Environmental Noise for Random Number Generation

The first important thing to understand is that you can’t program a computer to do something randomly – however complex the algorithm you write, it will always go from some initial state to some final state, and if you can perfectly recreate the initial state, you can perfectly recreate the final state.

The second important thing to understand is that you can feed randomness into a computer – if your initial state is completely unpredictable, then you can make your final state completely unpredictable.

"Environmental noise" is referring to this external source of random input (or "entropy"). It can take a variety of forms, such as:

  • Reading the signal on an audio input line, or a radio antenna, and keeping the least significant bits of the signal (the tiny fluctuations you’d normally discard as noise)
  • Timing the user’s interactions with keyboard and mouse, again discarding most of the signal and keeping the noise
  • Filming a wall of lava lamps

The idea is to stop an attacker doing two things:

  • predicting your random numbers, by knowing your input state and algorithm
  • influencing your random numbers, by changing your input state to one they know

Consider audio noise as an example:

  • if they could measure the same input as you, they could predict your seed, but even placing a microphone next to yours won’t record identical noise measured at a high resolution
  • if they make a noise near your microphone, it will influence your seed, but again not with enough precision to be useful to them

Leave a Reply

Your email address will not be published. Required fields are marked *