Random Number Generator Is A Blast From The Past

Hackers love random numbers, or more accurately, the pursuit of them. It turns out that computers are so good at following our exacting instructions that they are largely incapable of doing anything that would fit the strict definition of randomness — which has led to some elaborate methods of generating the unexpected.

Admittedly, the SB42 Random Number Generator built by [Simon Boak] isn’t exactly something you’d be using for cryptography. The method used to generate the digits, a pair of 555 timers sending pulses through linear-feedback shift registers, would at best be considered pseudo-random. Plus the only way of getting the digits out of the machine is by extracting them from the Nixie tubes with your Mark I Eyeballs. But it absolutely excels at the secondary reason many hackers like to build their own randomness rigs — it looks awesome.

Externally, it absolutely nails the look of a piece of vintage DIY gear. Down to the classic white-on-black label tape. But open up the hood, and you’re treated to a real rarity these days: wirewrap construction. In an era where you can get PCBs made and shipped to your door for literally pennies, [Simon] is out there keeping the old ways alive. It doesn’t just look the part either. Unlike most modern projects we see, there isn’t a multi-core microcontroller behind the scenes doing all the work, it’s logic gates all the way down.

This isn’t the first random-ish number generator that we’ve seen use shift registers. But if you’re looking for something that might actually pass some randomness checks, and don’t mind working with something a bit spicy, you could check out some of the previous devices we’ve covered that used radioactive decay as an entropy source.


Dice Rolls From The Beginning Of Time

Generating random numbers might seem like a trivial task, that is until the numbers need to be truly random for cryptography or security reasons. When that’s the case, it turns out that the numbers a computer produces on its own are really “pseudo-random” and follow a predictable pattern. Devices that can produce truly random numbers often do it by sampling random events in the real world rather than relying on a computer to do it directly, like this machine which simulates a dice roll by looking at the cosmic microwave background radiation.

The cosmic microwave background radiation exists in the infrared at the farthest edges of the observable universe as a remnant of the big bang. It’s an excellent source of randomness, but tapping into it poses a bit of a challenge. For this build, [iSax] is using an old Soviet-era Geiger tube to detect the appropriate signal, and a Nixie tube to display the dice roll. After the device detects two particles from the Big Bang, the device measures the amount of time that passed between the detection of both particles and uses this number to calculate the dice roll.

While it takes a little bit longer to roll this dice than a traditional one since it has to wait to detect the right kind of particles, if you really need the randomness it can’t be beat. It certainly works as dice, but we can also see some use for generating truly random numbers for other applications as well. For some other sources of random inspiration be sure to check out our own [Voja Antonic]’s deep dive into truly random number generation.


Linux Fu: The Linux Shuffle

Computers are known to be precise and — usually — repeatable. That’s why it is so hard to get something that seems random out of them. Yet random things are great for games, encryption, and multimedia. Who wants the same order of a playlist or slide show every time?

It is very hard to get truly random numbers, but for a lot of cases, it isn’t that important. Even better, if you are programming or using a scripting language, there are lots of things that you can use to get some degree of randomness that is sufficient for many purposes.

Random Word Pairings Mark The Time On This Unusual Clock

Gosh, the fun we had when digital calculators became affordable enough that mere grade school students could bring one to class. The discovery that the numbers could be construed as the letters of various dirty words when viewed upside down was the source of endless mirth. They were simpler times.

This four-letter-word “clock” aims to recreate that whimsical time a bit, except with full control over the seven-segment displays and no need to look at it upside down. This descends from a word clock [WhiskeyTangoHotel] made previously and relies on a library of over 1000 four-letter words that can be reasonably displayed using seven-segment displays, most of them SFW but some mildly not. A PICAXE is used to select two of the four-letter words to display every second or so, making this a clock only by the loosest of definitions. Word selection is pseudorandom, seeded by noise from a floating ADC pin, but some of the word pairings in the video below seem to belie a non-random sense of humor. As is, there are over a million pairings possible; it might be fun to add in the full set of two- and three-letter words as well and see what sort of merriment ensues.

While we like the Back to the Future vibe here, we’ve seen some other really nice word clocks lately. There was the one that used PCBs as the mask for the characters, and then a rear-projection word clock that really looks great.


Twitter RNG Is Powered By Memes

Twitter is kind of a crazy place. World leaders doing verbal battle, hashtags that rise and fall along with the social climate, and a never-ending barrage of cat pictures all make for a tumultuous stream of consciousness that runs 24/7. What exactly we’re supposed to do with this information is still up for debate, as Twitter has yet to turn it into a profitable service after over a decade of operation. Still, it’s a grand experiment that offers a rare glimpse into the human hive-mind for anyone brave enough to dive in.

One such explorer is a security researcher who goes by the handle [x0rz]. He’s recently unveiled an experimental new piece of software that grabs Tweets and uses them as “noise” to mix in with the Linux urandom entropy pool. The end result is a relatively unpredictable and difficult to influence source of random data. While he cautions his software is merely a proof of concept and not meant for high security applications, it’s certainly an interesting approach to introducing humanity-derived chaos into the normally orderly world of your computer’s operating system.

Noise sampling before and after being merged with urandom

This hack is made possible by the fact that Twitter offers a “sample” function in their API, which effectively throws a randomized collection of Tweets at anyone who requests it. There are some caveats here, such as the fact that if multiple clients request a sample at the same time they will both receive the same Tweets. It’s also worth mentioning that some characters are unusually likely to make an appearance due to the nature of Twitter (emoticons, octothorps/pound signs, etc), but generally speaking it’s not a terrible way to get some chaotic data on demand.

On its own, [x0rz] found this data to be a good but not great source of entropy. After pulling a 500KB sample, he found it had an entropy of 6.5519 bits per byte (random would be 8). While the Tweets weren’t great on their own, combining the data with the kernel’s entropy pool at /dev/urandom provided something that looked a lot less predictable.

The greatest weakness of using Twitter as a source of entropy is, of course, the nature of Twitter itself. A sufficiently popular hashtag on the rise might be just enough to sink your entropy. It’s even possible (though admittedly unlikely) that enough Twitter spam bots could ruin the sample. But if you’re at the point where you think hinging your entropy pool on a digital fire hose of memes and cat pictures is sufficient, you’re probably not securing any national secrets anyway.

(Editor’s note: The way the Linux entropy pool mixes it together, additional sources can only help, assuming they can’t see the current state of your entropy pool, which Twitter cats most certainly can’t. See article below. Also, this is hilarious.)
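An added example, not code from [x0rz]'s tool or the kernel: it measures the bits-per-byte figure discussed above on a constructed tweet-like sample, then shows that XORing even a fully attacker-chosen sample into independent os.urandom output does not make the result look any less random. XOR as the mixer and the sample text are assumptions made for illustration.

```python
import math
import os
from collections import Counter


def bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (maximum 8.0)."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def mix(sample: bytes, pool: bytes) -> bytes:
    """XOR an external sample into pool output of the same length."""
    if len(sample) != len(pool):
        raise ValueError("sample and pool must be the same length")
    return bytes(a ^ b for a, b in zip(sample, pool))


def constructed_sample(size: int) -> bytes:
    """Constructed tweet-like text (not real Twitter data): few symbols, lots of repeats."""
    text = "".join(f"#cats lol :) pic {i} " for i in range(size // 16))
    return text.encode()[:size]


def demo(size: int = 65536):
    sample = constructed_sample(size)
    pool = os.urandom(size)      # stands in for the kernel pool's output
    hostile = b"#" * size        # worst case: every byte chosen by someone else
    return (
        bits_per_byte(sample),              # biased text, well under 8
        bits_per_byte(mix(sample, pool)),   # close to 8 after mixing
        bits_per_byte(mix(hostile, pool)),  # still close to 8
    )


if __name__ == "__main__":
    raw, mixed, hostile = demo()
    print(f"sample alone:        {raw:.4f} bits/byte")
    print(f"sample XOR urandom:  {mixed:.4f} bits/byte")
    print(f"hostile XOR urandom: {hostile:.4f} bits/byte")
```

The hostile case holds only because the chosen bytes are independent of the pool, which is the editor's "can't see the current state" condition. The histogram figure is a statistical estimate, not a measure of how hard the data is to guess.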

We’ve covered some fantastic examples of true random number generators here at Hackaday, and if you’re looking for a good primer for the Kingdom of the Chaotic, check out the piece by our own [Elliot Williams].

What Is Entropy And How Do I Get More Of It?

Let’s start off with one of my favorite quotes from John von Neumann: “Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.”

What von Neumann is getting at is that the “pseudo” in pseudorandom number generator (PRNG) is really a synonym for “not at all”. Granted, if you come in the middle of a good PRNG sequence, guessing the next number is nearly impossible. But if you know, or can guess, the seed that started the PRNG off, you know all past and future values nearly instantly; it’s a purely deterministic mathematical function. This shouldn’t be taken as a rant against PRNGs, but merely as a reminder that when you use one, the un-guessability of the numbers that it spits out is only as un-guessable as the seed. And while “un-guessability” isn’t a well-defined mathematical concept, or even a real word, entropy is.

That’s why entropy matters to you. Almost anything that your computer wants to keep secret will require the generation of a secret random number at some point, and any series of “random” numbers that a computer generates will have only as much entropy, and thus un-guessability, as the seed used. So how does a computer, a deterministic machine, harvest entropy for that seed in the first place? And how can you make sure you’ve got enough? And did you know that your Raspberry Pi can be turned into a heavy-duty source of entropy? Read on!


33C3: How Can You Trust Your Random Numbers?

One of the standout talks at the 33rd Chaos Communication Congress concerned pseudo-random-number generators (PRNGs). [Vladimir Klebanov] (right) and [Felix Dörre] (left) provided a framework for making sure that PRNGs are doing what they should. Along the way, they discovered a flaw in Libgcrypt/GNUPG, which they got fixed. Woot.

Cryptographically secure random numbers actually matter, a lot. If you’re old enough to remember the Debian OpenSSL debacle of 2008, essentially every Internet service was backdoorable due to bad random numbers. So they matter. [Vladimir] makes the case that writing good random number generators is very, very hard. Consequently, it’s very important that their output be tested very, very well.

So how can we test them? [Vladimir] warns against our first instinct, running a statistical test suite like DIEHARD. He points out (correctly) that running any algorithm through a good enough hash function will pass statistical tests, but that doesn’t mean it’s good for cryptography.
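An added illustration of [Vladimir]'s warning, not code from the talk: a hypothetical generator that hashes a 16-bit seed with SHA-256 in counter mode passes a bit-frequency test, yet 16 observed output bytes are enough to recover the seed and reproduce the whole stream. The generator, seed size and names are constructed for this example.

```python
import hashlib

SEED_BITS = 16  # constructed toy seed space: only 65,536 possible seeds


def weak_prng(seed: int, nbytes: int) -> bytes:
    """SHA-256 in counter mode over a tiny seed: good statistics, no secrecy."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        block = seed.to_bytes(2, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:nbytes])


def monobit_fraction(data: bytes) -> float:
    """Fraction of 1 bits; a frequency test expects a value very close to 0.5."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def recover_seed(observed: bytes):
    """Try every possible seed and return the one that reproduces the observed bytes."""
    for seed in range(2 ** SEED_BITS):
        if weak_prng(seed, len(observed)) == observed:
            return seed
    return None


if __name__ == "__main__":
    stream = weak_prng(0xBEEF, 65536)        # constructed seed value
    print(f"fraction of 1 bits: {monobit_fraction(stream):.4f}")
    found = recover_seed(stream[:16])        # only the first 16 bytes are observed
    print(f"recovered seed: {found:#06x}")
    print("rest of stream predicted:", weak_prng(found, 65536) == stream)
```

The statistical check looks only at the output distribution, which the hash makes uniform regardless of how little entropy went in; the seed search is what actually measures the generator's secrecy.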