Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Why is it impossible for one to have an algorithm that generates true cryptographically secure random numbers?

The answer alternates between "it's not" and "depends on how exactly you define algorithm".

With algorithms we usually talk about deterministic instructions. In such a sense an algorithm can't create random numbers, because it'll always output the same thing with the same input.

But give a few random inputs (which there are usually plenty in any complex enough system) we can build an algorithm that will take these random inputs and output an endless, secure stream of random numbers. Which is what every modern operating system does. You don't need any magic external random number source for that, just use what your OS gives you.



Interesting. What "degree of complexity" in the system is a "complex enough system"?


Good questoin, it's hard to give a definite answer, but usually "if it has a harddrive and a network card you're unlikely to have any problem". Rule of thumb: Normal Desktops and Servers are unlikely to be problematic.

Really the only realistic problem is that if you generate a cryptographic key right after booting the device and if the device is something like a router. Look here [1] for some research on that. That scenario can be avoided by newer APIs (newer linux kernels have the getrandom system call for that) that only will spit out random numbers once the RNG has been initialized with enough randomness - but in return you may get services blocking at boot.

[1] https://factorable.net/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: