English subtitles

← 02-07 Sources Of Randomness

Get Embed Code
1 Language

Showing Revision 1 created 04/27/2012 by Amara Bot.

  1. And Quantum Mechanics provides a notion of random events
  2. --that there are events in the universe that are inherently random--
  3. and we can count things like radioactive decay with a Geiger counter
  4. and use that to generate randomness from physical events.
  5. Thermal noise is an easier thing to measure in most circumstances.
  6. If you can measure that precisely enough--it also depends on Quantum Mechanics--
  7. at some level and produces randomness.
  8. And many modern processors have a way of generating a small amount
  9. of randomness by measuring thermal noise in the processor.
  10. Whether it's really physically random depends on a lot of other things.
  11. You can also look at things that actually happen, and think that
  12. they are random. Maybe if they're key presses or user actions--
  13. maybe those are random. An example of this is when we generate
  14. a new key using GPG, it will ask you to generate
  15. --when you start to generate a key--it says we need lots of random bytes
  16. and you can perform some type of action like moving the mouse using the disc
  17. to help generate more randomness for it.
  18. And humans aren't good at doing random stuff
  19. When we move the mouse, we're probably moving it in a pattern--
  20. When we type on the keyboard, maybe we're doing things
  21. that are not very random. So unless you're generating your randomness from
  22. quantum physics, there's always some question whether it's really random enough.
  23. Or whether you can predict the particular motions I took. And certainly
  24. given that this has been recorded and released, the fake key that I generated
  25. for Alyssa B. Hacker should not be used for any secure purpose.
  26. So this approach of waiting for physically random events
  27. is OK for GPG, maybe, because someone using it is
  28. probably patient enough to sit around for a while, doing random stuff
  29. as well as a human can to generate a key.
  30. This would not work very well when you need more randomness
  31. more quickly. And this happens every time you do a web transaction.
  32. Every time someone does a secure web session,
  33. any time you see the lock key in your browser,
  34. there's a protocol going on called TLS. We'll talk about that more in a later unit.
  35. But one thing that that requires is a new random key.
  36. for each secure web session.
  37. I don't think many people would tolerate being asked to move around their mouse
  38. and do strange things to generate enough randomness in the hopes that
  39. that key is secure every time you connect to a website.
  40. So we need something better. We need a way to take a little bit
  41. of physical randomness, and that's usually known as the seed--
  42. that's the initial state, and that's the input to what's known
  43. as a pseudo-random number generator. And that produces
  44. a long sequence--that is longer than the amount of physical randomness
  45. we started with--of random bits.
  46. So that's our goal--to take a small amount of physical randomness
  47. --some source of entropy that we can use as a seed--
  48. have some function that will compute from that seed a long sequence
  49. of apparently random bits.