reading internet data to generate random numbers.

Steven D'Aprano steve at REMOVEMEcyber.com.au
Thu Nov 3 07:48:47 CET 2005


Mike Meyer wrote:

> Grant Edwards <grante at visi.com> writes:
> 
>>On 2005-11-02, Neil Schemenauer <nas at arctrix.com> wrote:
>>
>>>Grant Edwards <grante at visi.com> wrote:
>>>Using data from the Internet is just a bad idea.
>>
>>I think that the timing of certain network events is one of the
>>Linux kernel's entropy sources.
> 
> 
> BSD as well. The key word is "one". While network events don't make a
> good source of random data, proplery combining such sources can create
> good random data. 

<pedant>

Depends on what you mean by "random". In particular, 
the randomness of network events does not follow a 
uniform distribution, but then not many things do. 
Uniformly distributed random data is what you want for 
cryptography. If you are modelling physical events, you 
might want some other distribution, e.g. normal (bell 
curve), Poisson, exponential, binomial, geometric, 
hypergeometric, and so forth.

I have no idea what distribution data from the Internet 
  would have, I would imagine it is *extremely* 
non-uniform and *very* biased towards certain values 
(lots of "<" and ">" I bet, and relatively few "\x03"). 
But, for the sake of the argument, if that's the random 
distribution that you actually need, then the Internet 
would be a good source of randomness.

<\pedant>

Just not for encryption. It would be terrible for that.



> Randomness is a deep subject. 

This is certainly true. I love the Dilbert cartoon 
where Dilbert is on a tour of Accounting. He comes 
across a troll sitting at a desk chanting "Nine, nine, 
nine, nine, ...". His guide says, "This is our random 
number generator." Dilbert looks skeptical and asks 
"Are you sure that's random?", to which the guide 
answers "That's the trouble with randomness, you can 
never be sure."


-- 
Steven.




More information about the Python-list mailing list