reading internet data to generate random numbers.
steve at REMOVEMEcyber.com.au
Thu Nov 3 07:48:47 CET 2005
Mike Meyer wrote:
> Grant Edwards <grante at visi.com> writes:
>>On 2005-11-02, Neil Schemenauer <nas at arctrix.com> wrote:
>>>Grant Edwards <grante at visi.com> wrote:
>>>Using data from the Internet is just a bad idea.
>>I think that the timing of certain network events is one of the
>>Linux kernel's entropy sources.
> BSD as well. The key word is "one". While network events don't make a
> good source of random data, proplery combining such sources can create
> good random data.
Depends on what you mean by "random". In particular,
the randomness of network events does not follow a
uniform distribution, but then not many things do.
Uniformly distributed random data is what you want for
cryptography. If you are modelling physical events, you
might want some other distribution, e.g. normal (bell
curve), Poisson, exponential, binomial, geometric,
hypergeometric, and so forth.
I have no idea what distribution data from the Internet
would have, I would imagine it is *extremely*
non-uniform and *very* biased towards certain values
(lots of "<" and ">" I bet, and relatively few "\x03").
But, for the sake of the argument, if that's the random
distribution that you actually need, then the Internet
would be a good source of randomness.
Just not for encryption. It would be terrible for that.
> Randomness is a deep subject.
This is certainly true. I love the Dilbert cartoon
where Dilbert is on a tour of Accounting. He comes
across a troll sitting at a desk chanting "Nine, nine,
nine, nine, ...". His guide says, "This is our random
number generator." Dilbert looks skeptical and asks
"Are you sure that's random?", to which the guide
answers "That's the trouble with randomness, you can
never be sure."
More information about the Python-list