Computers are deterministic by nature. This may sound untrue if you live in the applications’ realm – don’t we nickname threading as the Heisenberg’s uncertainty principle after all? But you should have no doubt, from power up to the moment you are reading these lines, everything was deterministic in your computer. So, how can you inject randomness? Indeed, you may know – or have noticed – that computers are not good at generating random numbers. Sometimes, this is a blessing. For example, and paradoxically, when you design a program with a random component. Because of their shortcomings, at each run, you may obtain the very same sequence of random numbers. This is great for validation. By the way, we conveniently name them pseudo-random numbers (generators). But, once your code is working as expected, the problem is that you still have your pseudo-random numbers at hand. It is true that you can use some randomness to seed the generator to get the illusion of true randomness (usually the current time), but it is still an illusion. So how do we achieve true randomness? Well, we need a source of entropy. If you are not versed in physics, consider entropy as a disorder or the phenomenon that, with the help of time, kills us all in fine.
Where to Find Entropy
Entropy comes from a truly random physical phenomenon, such as heat or radioactive decay. But all sources of entropy are not equal. In particular, assuming they have the same randomness, the speed at which the phenomenon allows the generation of random numbers must be considered. Indeed, often, the circuitry generating the random numbers needs to see enough of the phenomenon before spitting out a value. Think about it as a blocking read (assuming your entropy pools are empty). Few CPUs have dedicated instructions with the backing entropy source of course to generate random numbers. Intel introduced the RDRAND and RDSEED instructions (~3 Gbit/s – check bit 30 of the ECX using CPUID). If your compiler supports intrinsics to use them (rdrand_64 or rdseed_64 – these are just a few forms of the instruction), then you are all set. Otherwise, you will need to emit these opcodes (0x0F 0xC7 for RDRAND) in assembler, either in-lining in 32-bits or via an assembler for 64-bits. This also means that your code may not always have access to these instructions. In which case, you can buy additional hardware to connect to your computer. I use a TrueRNGpro by ubld.it which has an output speed of ~3 Mbit/s (~ 2.3 x 3.5 x 0.5 inches, ~100 mA) and costs less than $100. This device uses two noise generators relying upon the avalanche breakdown effect of reverse-biased diodes. Other options are more costly, such as the Quantis random number PCI or USB generators by IDQ. If you want some detail on the avalanche breakdown effect, you can watch this video on EEVblog: https://youtu.be/O0ifJ4oVdG4.
So is there a daemon to keep the entropy pool full from a source like this?
r cs I don’t think so. The device sends bits of randomness to the serial (via USB) port as soon as DTR is set and until it is cleared.
However, there are also some fun ways to randomness, e.g. Cloudflare’s “LavaRand”, blog.cloudflare.com – Randomness 101: LavaRand in Production. 🙂
I don’t want to be the spoiler of the party but… In fact most computers have some time varying components which makes them non-deterministic. Memories have varying access times. This is especially true for non-volatile memory and even more for magnetic and optical storage. Second, the pace of clock signals are based on physical properties of crystals. These properties are dependent on ambient physical interactions like temperature. Third, different ic’s which are interlinked using busses, have varying boot times, because they need to get stable power and a lock on their external clocks. The event of these locks is undeterministic. Fourth, different digital signals undergo thermal dependent clock shifts.
That said, a good (embedded) programmer is able to make his software behaviour inert against all these fluctuations.
bart claes Even the ideally regular clock timing may vary due to performance heuristics and thermal throttling – and by this the relative speed of components. (E.g., when the CPU is throttled, I/O gains relatively in speed.) And nowadays we are probably apt to see some artificially introduced randomness in timing, as well, in order to counter side-channel attacks.
bart claes Norbert Landsteiner I hear you friends. What I mean by deterministic is that it is not random, not that it is invariable. All the variations you are mentioning exist and are real. But they are not random in nature. The was I am thinking about it, is the following: if you put your cpu into a test rig – within the same environment – and power it up, it will always – except if it is faulty of course – behave the same way and be in the same state at equivalent time. This is why using the time as unique seed for pseudo-random number generation is not used in crypto. Sure it has variations, but those are not random (they may look like such, I agree, but they can be modeled and therefore predicted).
The lavaland link posted in the comments is an interesting read. It explains difference between random and variant. It also explains a bit of how using the environment of the computer for generating seeds.
Why don’t you simply use the lowest digits of samples recorded by your sound card as random seed? I cannot think of any reason why the lowest digits are more than true noise, hence true random?
bart claes interesting idea of additional source to generate entropy. Note that the Linux implementation (random.c) uses several sources (interesting read). Unrelated to entropy note: this would require to open the mic and sample ambiant noises. I cannot even start imagining the push back the users would do. “Are you ear-dropping on me?!” 🙂
Just sample any analog input that is not a mic
bart claes that sound more reasonable 🙂
Or maybe just sample a light dependent resistor (e.g. one that is sensitive to IR) or temp dependent resistor. The LDR is the same idea as the array of lavalamps, only less bits at once.
Jamel Tayeb I’d suggest, the state of a complex system is in practice unpredictable, while it’s deterministic.
I guess, it may be pretty easy to engineer some kind of noise antenna, i.e. a compound of an open analog port, thermal sensor, maybe even a seismic sensor, etc, and use samples of this to modify the sequence of a RNG repeatedly (in true random intervals). Produced in the masses, this should be rather cheap.
I picked up an Infinite Noise TRNG from Crowd Supply (here in Portland). I made minor changes to the driver so it works with macOS. Pretty cool stuff. crowdsupply.com – Infinite Noise TRNG
Dylan McNamee looks like a nice device. Using thermal noise based on what I glanced. Will read more about it to understand what they mean by it.