And Quantum Mechanics provides a notion of random events
--that there are events in the universe that are inherently random--
and we can count things like radioactive decay with a Geiger counter
and use that to generate randomness from physical events.
Thermal noise is an easier thing to measure in most circumstances.
If you can measure that precisely enough, it also depends on Quantum Mechanics
at some level and produces randomness.
And many modern processors have a way of generating a small amount
of randomness by measuring thermal noise in the processor.
Whether it's really physically random depends on a lot of other things.
You can also look at things that actually happen, and think that
they are random. Maybe if they're key presses or user actions--
maybe those are random. An example of this is when we generate
a new key using GPG, it will ask you to generate
--when you start to generate a key--it says we need lots of random bytes
and you can perform some type of action like moving the mouse, using the disk
to help generate more randomness for it.
And humans aren't good at doing random stuff.
When we move the mouse, we're probably moving it in a pattern.
When we type on the keyboard, maybe we're doing things
that are not very random. So unless you're generating your randomness from
quantum physics, there's always some question whether it's really random enough.
Or whether you can predict the particular motions I took. And certainly
given that this has been recorded and released, the fake key that I generated
for Alyssa B. Hacker should not be used for any secure purpose.
So this approach of waiting for physically random events
is OK for GPG, maybe, because someone using it is
probably patient enough to sit around for a while, doing random stuff
as well as a human can to generate a key.
This would not work very well when you need more randomness
more quickly. And this happens every time you do a web transaction.
Every time someone does a secure web session,
any time you see the lock key in your browser,
there's a protocol going on called TLS. We'll talk about that more in a later unit.
But one thing that that requires is a new random key
for each secure web session.
I don't think many people would tolerate being asked to move around their mouse
and do strange things to generate enough randomness in the hopes that
that key is secure every time you connect to a website.
So we need something better. We need a way to take a little bit
of physical randomness, and that's usually known as the seed--
that's the initial state, and that's the input to what's known
as a pseudo-random number generator. And that produces
a long sequence--that is longer than the amount of physical randomness
we started with--of random bits.
So that's our goal--to take a small amount of physical randomness
--some source of entropy that we can use as a seed--
have some function that will compute from that seed a long sequence
of apparently random bits.
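
The seed-to-sequence step described above, as an added example that is not part of the lecture: a 32-byte seed from the operating system's entropy pool is stretched into a much longer stream with a simplified HMAC_DRBG-style construction (no reseeding or additional input). The names `HmacDrbg`, `fresh_seed`, `expand` and the 32-byte seed size are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

SEED_LEN = 32  # bytes of physical entropy used as the seed (assumed size)


class HmacDrbg:
    """Seed -> long pseudo-random stream, HMAC_DRBG style (simplified)."""

    def __init__(self, seed: bytes):
        if len(seed) < SEED_LEN:
            raise ValueError("seed too short to be unpredictable")
        self.key = b"\x00" * 32
        self.val = b"\x01" * 32
        self._update(seed)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        # Mix data (the seed, or nothing) into the internal state.
        self.key = self._mac(self.val + b"\x00" + data)
        self.val = self._mac(self.val)
        if data:
            self.key = self._mac(self.val + b"\x01" + data)
            self.val = self._mac(self.val)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.val = self._mac(self.val)
            out += self.val
        self._update()  # step the state so it cannot recompute past output
        return out[:n]


def fresh_seed() -> bytes:
    """The small amount of physical randomness, taken from the OS."""
    return os.urandom(SEED_LEN)


def expand(seed: bytes, n: int) -> bytes:
    """Compute n apparently random bytes from the seed alone."""
    return HmacDrbg(seed).generate(n)


if __name__ == "__main__":
    seed = fresh_seed()
    stream = expand(seed, 65536)
    print(len(seed), "seed bytes ->", len(stream), "output bytes")
    print("same seed reproduces the stream:", expand(seed, 65536) == stream)
```

The output is a deterministic function of the seed, so anyone who learns or guesses the seed can regenerate every byte; all of the unpredictability comes from the seed.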
