Understanding true random generator in machine.

Question

Quoting Text

To generate a "true" random number, the computer measures some type of physical phenomenon that takes place outside of the computer. For example, the computer could measure the radioactive decay of an atom. According to quantum theory, there's no way to know for sure when radioactive decay will occur, so this is essentially "pure randomness" from the universe. An attacker wouldn't be able to predict when radioactive decay would occur, so they wouldn't know the random value.

So, I would like to know what the author means by "pressing keys gives the machine entropy" to my crude understanding by pressing at a certain time it will provide specific weight for generating keys therefore being truly random.

Please help me understand and share your perspective.

Answer 1

The timing of pressing the key is certainly hard to predict but it is not truly random. A nice example to explain this would be the coin flip. If we know the initial force, torque and other factors when the coin in flipped, we can calculate the outcome (heads or tails). A truly random input would be something which cannot be traced to its original condition which would mean that it cannot be predicted.

One way to generate truly random data would be to use quantum effects which are fundamentally random. You could also measure thermal noise from a resistor in a circuit or atmospheric noise.

Answer 2

Let's do a thought experiment. Imagine a computer that does not have access to any source of entropy. This means it has no network access, no inputs, no unpredictable hardware: in short, it's not much of a computer - it's just an elaborate contraption that can produce a completely predictable sequence of outputs. There would be no way to tell if this "computer" was actually computing anything, or simply emitting a pre-recorded sequence of outputs. The outputs can look "random", i.e. have no discernable pattern or structure, but this is meaningless since you get the same sequence every time the computer is run. (Relevant xkcd)

What I just described is essentially the same thing as a PRNG. No matter how random the sequence it generates looks, it can be completely predicted if the starting seed is known. And if there is no input, that means the starting seed is always the same. Hence, the entropy is zero.

From this thought experiment, it is clear that a computer needs some kind of input in order to produce something with non-zero entropy. Since pressing keys is a form of user input that can be highly unpredictable (from the computer's perspective), it serves as a source of entropy and thus can be used to generate random output.

Answer 3

There is a recent US patent on "physically unclonable function" by Gurierri et al which uses the quantum uncertainty and a high quality random filter based on the BiEntropy algorithm to assist in the generation of truly random - uncloneable - sequences