Jason Joel Thompson writes:
> The -pseduo- random number generator you describe is getting very close to
> being effectively a random number generator, at least until repetetion
> occurs.
Indeed, that's why the only difference is "pseudo". The pseudo ones
eventually cycle, the real ones (if they do indeed exist, some
physicists seem to doubt that) don't. In cryptography there is an
attack on generation of secrets based on knowledge of your
pseudorandom number generator algorithm and it's state. Hence real
cryptographic suites always draw on an entropy pool based on digitized
real-world noise. In absence of a hardware random number generator,
this relies on user key strokes and mouse movements, hard drive seek
times, LSB of audio and video inputs and is a scarce resource. (In
fact, there's even a DoS on the entropy pool -- in Linux by reading a
lot of bytes from /dev/random). Hardware random generators have begun
to crop up in motherboard chipsets, but since they're not fully
documented the cryptographic community does not trust them.
> > > One could assign a probability of being truly random to such a string of
> > > numbers. (Which is all one could do in any case.)
> >
> > I'm not sure I understand what you mean.
>
> -Any- string of numbers (source independent) has a probability of being
> truly random-- the closer that probabilty is to 100%, the more effectively
> random that string becomes. Though excruciating unlikely (actually a limit
> that approaches zero) a string of 1s -could- be the output of a truly random
> generator.
Of course all tests for randomness are statistical. Probabilistic
proofs only become asymptotically absolute in infinite time. In
practice you will it extremely tedious to wait for a cryptohash fed
with it's own output to begin to cycle.
This archive was generated by hypermail 2b29 : Mon Oct 02 2000 - 17:37:34 MDT