Numerlor

Truly random "software only" number generator (?)


Posted (edited)

The idea I got is that some people (or a certain group) would voluntarily install a "keylogger", but it would work by storing every keystroke in alphabetical order into some kind of text file (or just writing how many times a certain key was pressed) and send it after a while; the number generation would be based on the count of each letter press from the last hour or so (A 60, C 20, etc.). Would this be random?
Maybe after 15 presses of one key it would ignore it (For gaming or spam)

 

//It could also have an offline version in which you would just smash your keyboard for half a minute and get something

Edited by Numerlor

Link to post
Posted (edited)

Would it be truly random?  Not a mathematician but I'd reckon probably not.  People use keyboards to type meaningful things that will very frequently feature patterns.  Might be better than pseudorandom routines like Mersenne Twister, might be 'random enough' for some applications, but truly random?  I'd be interested to hear the input of someone better versed in the subject.

The 'keylogger' aspect of it makes it sound extremely unattractive tbh as well... sets off all kinds of 'only good things can come of this' alarms in my head from a security point-of-view.

EDIT: also your 'anti-spam' idea might actually reduce the randomness rather than increase it.


Edited by pxi

Link to post
Posted (edited)

Patterns are out because of storing it in alphabetical order and then getting those numbers according to the number of every keypress from some kind of algorithm (badly written in OP, changed now).
As for the keylogger thing, it would need to be open source (or at least the keylogger part) so people can see it isn't sending everything as you write it.

Edited by Numerlor

Link to post
18 minutes ago, Numerlor said:

The idea I got is that some people (or a certain group) would voluntarily install a "keylogger", but it would work by storing every keystroke in alphabetical order into some kind of text file (or just writing how many times a certain key was pressed) and send it after a while; the number generation would be based on, let's say, the last 10 000 letters. Would this be random? And maybe after 15 presses of one key it would ignore it (for gaming or spam)

It wouldn't be all that random (language is too structured for that), and it sounds horribly impractical compared to existing random number generators. I think I'll stick with std::rand.

1 minute ago, Numerlor said:

Patterns are out because of storing it in alphabetical order and then getting those numbers according to number of every keypress from some kind of algorithm (Badly written in OP, changed now)

Even then, it'll still not be random. Let's say we're typing English. If we're going by number of times each key is pressed, then we're going to be biased towards 'e' and against 'x'. Letter distribution simply isn't even enough. Plus, a program storing all my keypresses and then sending them over the internet does not sound like a thing I would ever install.

Link to post
Posted (edited)

For letters such as X, Y, Z I'm mainly betting on gamers. I agree that vowels will be leading, might need something from that; implementing other languages with things like ž ä ô would maybe be good for something but won't do much. Might need something for that, but for now I'm aiming for credibility of the main idea.
On that keylogger, as I wrote above after you posted this, open source might solve that.

Edited by Numerlor

Link to post
Posted (edited)
5 minutes ago, Numerlor said:

On that keylogger, as I wrote above after you posted this, open source might solve that.

You would be far better probing the hardware for things like CPU temperature etc. imo... and then you don't have to convince people that your keylogger is totally not a security risk.

Edited by pxi

Link to post

CPU temp looks too consistent for me and with a small usable range; if something from hardware, something like number of bytes currently on RAM would be better

Link to post
Just now, Numerlor said:

CPU temp looks too consistent for me and with a small usable range; if something from hardware, something like number of bytes currently on RAM would be better

Some just use coin flips.

But yeah, I was only giving a single example - you'd look for as many sources as possible.

Link to post

Since your software already runs on some hardware, why not use part of that hardware for seed?

Even if you use a pseudo RNG for the majority of your numbers, every now and then you reseed your RNG with a truly random seed and get better overall randomness.

Link to post

No.

All modern operating systems come with cryptographically secure PRNGs (see CryptGenRandom and /dev/random for details on the main ones). Just use the operating system facility - it's incredibly unlikely most programmers can do better.

Link to post
On 30-5-2017 at 8:18 PM, Numerlor said:

The idea I got is that some people (or a certain group) would voluntarily install a "keylogger", but it would work by storing every keystroke in alphabetical order into some kind of text file (or just writing how many times a certain key was pressed) and send it after a while; the number generation would be based on the count of each letter press from the last hour or so (A 60, C 20, etc.). Would this be random?
Maybe after 15 presses of one key it would ignore it (For gaming or spam)

I am almost certain that, depending on the language, you can make statistical assumptions about the number of keypresses to a scary precision. Keyboard inputs are pretty much the opposite of random and the more key presses you have, the more average the result will be.

Link to post

To put it this way: I don't think there are many ways left to draw statistical data from sensible text, that is text that forms meaningful words and phrases, that the intel community hasn't already studied in depth. They can tell if a garbled text is fake or genuine in that the ungarbled text was meaningful. If you want something truly random then patterns are a no-no. What people type on their keyboards would be full of patterns, over time.

Link to post
10 hours ago, Camacha said:

Keyboard inputs are pretty much the opposite of random and the more key presses you have, the more average the result will be.

For what it's worth, while the text entered is not reliable, the time between keystrokes is much better and is frequently used as a source of entropy (for systems that have a keyboard, obvs).

Link to post

As some letters are pressed a lot more often than others (e vs z), you would get a lean towards those numbers...

Link to post
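
The bias several replies above point out (sorting or counting does not remove the 'e' versus 'x' skew, and the 15-press cap can make things worse) can be measured directly. The following is an added example, not code from any poster; the sample text and all function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample standing in for an hour of typed English (assumption).
SAMPLE = ("the quick answer is that people type words and words follow the "
          "habits of the language so the same few letters keep winning every hour")

def key_counts(text):
    """What the proposed logger keeps: per-letter counts, order thrown away."""
    return Counter(ch for ch in text.lower() if "a" <= ch <= "z")

def shannon_bits(counts):
    """Average information per keypress for this count distribution."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def min_entropy_bits(counts):
    """Worst case: bits per keypress against always guessing the top letter."""
    return -math.log2(max(counts.values()) / sum(counts.values()))

def capped(counts, cap=15):
    """The thread's 'ignore a key after 15 presses' rule."""
    return Counter({k: min(v, cap) for k, v in counts.items()})

def report(text):
    counts = key_counts(text)
    return {
        "top": counts.most_common(1)[0][0],
        "shannon": shannon_bits(counts),
        "min_entropy": min_entropy_bits(counts),
        "uniform": math.log2(26),  # what 26 equally likely keys would give
        "distinct_capped_counts": len(set(capped(counts).values())),
    }

if __name__ == "__main__":
    print(report(SAMPLE))        # one short burst of typing
    print(report(SAMPLE * 20))   # longer session: every count hits the cap
```

Sorting the keystrokes alphabetically leaves `key_counts` unchanged, so it removes nothing a guesser relies on; over a long session the cap pushes every letter to the same count, so the stored data becomes constant.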

Well, it could just be counting ones at alphabetical order (or random from some kind of seed like @Shpaget said) and then just take that number

Link to post
Posted (edited)

What you are describing is something operating systems and applications already do. It's known as collecting entropy, external sources of randomness from the computer's environment. It's not truly 'software only', it relies on a hardware source of randomness, just not a dedicated source. Mouse movements, keystroke timings, microphone noise, and so on are used. (Recording the letters typed would generally not be very helpful, and security concerns mean it's better to discard that and just use the keystroke timings). Even if the first number of such a value is quite predictable, the last decimal place is very random.

The entropy is then fed into the random number generator. The algorithms need to remove any biases that might be present in the entropy source.

The amount of entropy can also be evaluated, and this gives two options. The software can be sure to not produce more numbers than it has bits of entropy to make truly random, which means the numbers are truly random but they might be delayed coming if the entropy source is inadequate. Or the software can 'stretch' the entropy by being a pseudorandom number generator, which means numbers can come as fast as the CPU can calculate but they are not truly random.

For example on Linux /dev/random takes the former approach and /dev/urandom takes the latter. For most applications urandom is better.

EDIT PS: Although, an increasingly common approach is to use a dedicated hardware random number generator. Modern CPUs or chipsets typically have one built in, and these usually work by amplifying the thermal or electrical 'noise' present in chips. However not all programs and operating systems make use of them.

EDIT PPS: On Linux I can monitor how many bits of entropy the RNG has. In normal use it's around 3800 (max is 4096). If I start writing pseudorandom data from /dev/urandom to disk it doesn't bat an eyelid, copying a gigabyte in a few seconds. If I start writing truly random data from /dev/random to disk the amount of entropy promptly drops to near zero and the speed of the disk writes slows to a crawl, under a kilobyte per minute, as it waits for more entropy to come in.

Edited by cantab

Link to post
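
The pipeline described in the post above (collect keystroke timings rather than letters, remove bias, track how much entropy has been credited, then either wait for more or stretch what is there) can be sketched as follows. This is an added, simplified example and not how any operating system implements it: `TimingPool`, `stretch` and the constructed timestamps are hypothetical, and real programs should call the operating system facility as recommended earlier in the thread.

```python
import hashlib
import math
import random
from collections import Counter

class TimingPool:
    """Toy entropy pool fed by inter-keystroke timings, never by key values."""

    def __init__(self):
        self._state = hashlib.sha256()
        self.credited_bits = 0.0

    def add_timestamps(self, stamps_ns):
        deltas = [b - a for a, b in zip(stamps_ns, stamps_ns[1:])]
        if not deltas:
            return
        for d in deltas:
            # Hashing every delta into the pool whitens bias in the raw values.
            self._state.update(d.to_bytes(8, "little", signed=True))
        # Credit only the noisy low byte via a most-common-value estimate,
        # capped at 1 bit per keystroke (a deliberately conservative assumption).
        low = Counter(d & 0xFF for d in deltas)
        per_sample = min(1.0, -math.log2(max(low.values()) / len(deltas)))
        self.credited_bits += per_sample * len(deltas)

    def seed(self, need_bits=256):
        """/dev/random-style: return None until enough entropy is credited."""
        if self.credited_bits < need_bits:
            return None
        self.credited_bits -= need_bits
        out = self._state.digest()
        self._state.update(out)  # fold output back so the next seed differs
        return out

def stretch(seed, nbytes):
    """/dev/urandom-style: expand one seed into as many bytes as requested."""
    blocks = (hashlib.sha256(seed + i.to_bytes(8, "big")).digest()
              for i in range(-(-nbytes // 32)))
    return b"".join(blocks)[:nbytes]

def constructed_timestamps(n, rng_seed):
    """Constructed stand-in for real keystroke times in ns; carries no entropy."""
    rng = random.Random(rng_seed)
    t, stamps = 0, []
    for _ in range(n):
        t += 80_000_000 + rng.randrange(40_000_000)  # 80-120 ms between keys
        stamps.append(t)
    return stamps
```

With at most one bit credited per keystroke, a 256-bit seed needs at least 256 timing samples, which is the same waiting behaviour the post observes when reading /dev/random.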

I'm going to assume you have a purpose for random numbers or you wouldn't be going through the trouble that you're describing. In that case, look at the library of your programming language of choice; there's usually a module that does what you want (the latest Python releases have a secrets module for generating pseudo-random numbers that are "safe" to use for cryptography, for instance).

If you're looking for more academic purposes (classroom assignment?) consider using a webcam. Set the ISO to high and shutter speed to fast (a guarantee for lots of noise), use the standard random generator to pick an x,y coordinate, and collect the least significant (noisy) bit from that pixel. Repeat for as many bits as you need. Random, simple, no keylogger needed, and fast.

Link to post

What if you made the RNG have more R by combining a bunch of them together!?!

Link to post
