1996-02-17 - Re: True random numbers

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: cfa6d232644a148bb346d6f1d2c904a1322f3933cff3a71a533444e775f087a3
Message ID: <ad4b827f0e0210047032@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1996-02-17 21:14:16 UTC
Raw Date: Sun, 18 Feb 1996 05:14:16 +0800

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Sun, 18 Feb 1996 05:14:16 +0800
To: cypherpunks@toad.com
Subject: Re: True random numbers
Message-ID: <ad4b827f0e0210047032@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 8:02 PM 2/17/96, maruishi@netcom.com wrote:
>I was trying to think of a way to come up with true random numbers...
>And knowing a bit of UNIX socket TCP/IP programming I made a small little
>program that generates random numbers by measuring the mili-second timing
>ies a TCP packet to bounce back, from another network.
>  My program simply send some data to port 7 (echo port) of a network on
>an internal list. Then timing it, randomly picks a different network to
>send to.
>
> I was wondering if this would be helpful to anyone for generating random
>key or whatever.
>
>If you want the source code please post a request or e-mail me. If you
>think for some reason that using this method is a bad idea, I would like
>to know.

To paraphrase, anyone who thinks he can get truly random numbers from Unix
boxes and network timing info is living in a state of sin.

More helpfully, I suggest you do several things:

1. Several textbooks discuss the problems implicit in generating
pseudorandom and "pretty random" numbers. Easier to read what others have
thought about than to spend time writing code that is flawed conceptually.

2. The CP list has discussed RNGs many, many,..., many times. Consult the
archives for a sampling.

3. If network and machine timings have to be used, other people have
written programs that do this. I think Matt Blaze's package includes at
least one such program.

4. I'd avoid altogether phrases such as "generates random numbers," unless
your method uses radioactive decay or Johnson noise measurements, for
example, and maybe not even then.

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









Thread