Random numbers.

Michael Paul Johnson (mpj@ebible.org)
Fri, 10 Jul 1998 16:31:56 -0600

• Next message: Tom Otvos: "Re: Mersenne Twister"
• Previous message: staym@accessdata.com: "Re: FEE"

At 04:33 PM 7/10/98 -0400, Robin Lee Powell wrote:
>Suggestion for a random number generator:
>
>Take the current timestamp (including seconds) and feed it into a search
>engine (lycos or altavista would probably work best).
>
>Take the (more-or-less random) results and hash the results pages in some
>fashion (the actual raw html) to get bits.
>
>Comments? Thoughts? Suggestions? Code?

The results would be essentially random, but not suitable for use as keying
material because they could probably be reproduced by someone else who fed
in enough time stamps in the suspected area. Besides, I would expect the
results of a time stamp search to frequently be the same "not found"
message. Search engines aren't updated that frequently, even if real
results came out.

By the way, I do have a better method:

1. Make some postings on usenet with real return email addresses (like the
FAQs I post), and put your email address on some web sites pointed to by
major search engines.

2. Write an incoming email processing filter that hashes all the incoming
spam (headers, chain letters, advertisements, pointers to web sites I don't
want to see, etc., both headers and message bodies), along with times of
arrival, into a pool of bytes that gets "stirred up" with each new message.

I actually did this. The random pool of bytes is at
ftp://ftp.csn.net/mpj/random.bin -- but don't use that directly for key
material, for obvious reasons. There are uses for time-varying, publically
accessible random number pools in various protocols, though.

On a more serious note, I suggest a definition for "cryptorandom bits":

Cryptorandom bits are:
1. Indistinguishable from uniformly distributed random bit streams (i. e.
could have been generated with fair coin flips, except maybe faster), but
may be "distilled" from processes that are not uniformly distributed.
2. Generated by a nondeterministic process that cannot be reproduced
exactly each time, even if you try.
3. Based on physical measurements of processes that are inherently random
in nature.
4. Not observed or altered by unauthorized parties.

• Next message: Tom Otvos: "Re: Mersenne Twister"
• Previous message: staym@accessdata.com: "Re: FEE"