reading internet data to generate random numbers.
Robert Kern
robert.kern at gmail.com
Thu Nov 3 02:18:50 EST 2005
Steven D'Aprano wrote:
> Mike Meyer wrote:
>>BSD as well. The key word is "one". While network events don't make a
>>good source of random data, proplery combining such sources can create
>>good random data.
>
> <pedant>
>
> Depends on what you mean by "random". In particular,
> the randomness of network events does not follow a
> uniform distribution, but then not many things do.
> Uniformly distributed random data is what you want for
> cryptography. If you are modelling physical events, you
> might want some other distribution, e.g. normal (bell
> curve), Poisson, exponential, binomial, geometric,
> hypergeometric, and so forth.
>
> I have no idea what distribution data from the Internet
> would have, I would imagine it is *extremely*
> non-uniform and *very* biased towards certain values
> (lots of "<" and ">" I bet, and relatively few "\x03").
> But, for the sake of the argument, if that's the random
> distribution that you actually need, then the Internet
> would be a good source of randomness.
No, it works just fine as a source of randomness. It does not work as a
stream of uniform random bytes, which is a different thing altogether
(and to be fair, Mike made that distinction fairly clearly). It's
perfectly good as one of many sources to draw on to rekey a
cryptographically strong PRNG, though. C.f.
http://en.wikipedia.org/wiki/Fortuna_(PRNG)
--
Robert Kern
rkern at ucsd.edu
"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter
More information about the Python-list
mailing list