Hotbits vs. vs. Anything else?


I was searching for a random seed to use with a pseudo-random number generator (not trying to encrypt anything). I went to the following web sites:

It appears that has a solid history and is not experiencing problems with DDoS attacks because they do not require an API key. I obviously would not want to use anything from either of these sites as an encryption key, but does anyone know whether the results from using are any more or less truly random than what I could get from HotBits with my own API key?

I am mostly trying to make sure that my API key itself is not being used in the generation process. Other than that, I have no major ideas why I would avoid HotBits, outside of the inconvenience of ordering my own API key.

kelalaka: what happened to /dev/urandom?

SAI Peregrinus: Computers have had built-in RNGs for years now. /dev/urandom on Linux, getrandom() on Linux or BSDs, CryptGenRandom on Windows, etc.

For most uses, a random number needs to be secret. It needs to be something that nobody else knows. It is, by construction, impossible to obtain a random number from some website: the website also knows it.

Every modern computer has a random generator. Even more and more embedded devices have one. Just use that. It's available through your operating system, you don't need to do anything special. Just call getrandom() on Linux, BCryptGenRandom on Windows, /dev/*random on Unix-like operating systems, …

For some uses, a random number can be public, but what's important is that it's demonstrably not chosen by you. For example, lotto winning numbers. You can use a random generation service as a trusted third party to obtain random numbers that are not chosen by you, but then the problem is that you can't demonstrate that the random numbers weren't chosen by you. Even if you could prove that the random numbers were obtained by the service, you might have tried multiple times until you obtain numbers that are favorable to you.

If you need a demonstrably random number, see A source of randomness that anyone can independently, conveniently and robustly access?. That number will be public. If you need a random number that's both demonstrably random, and only known to a restricted set of people, then use a public demonstrably random number and a secret random number generated by you and shared to the restricted set before the demonstrably random number is available as inputs to a key derivation function.
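As an added illustration of this answer (not code from the original post or from any of the services discussed): seeding a non-cryptographic PRNG from the operating system's generator, and the last paragraph's construction of a value that is both demonstrably random and known only to a restricted group. The group secret is fixed and shared before the public beacon value is published; the two are then combined with HKDF (RFC 5869, HMAC-SHA256). The `group_secret`, `public_beacon` and `purpose` values are constructed placeholders, not real beacon output.

```python
import hashlib
import hmac
import os
import random


def local_seed(nbytes: int = 32) -> bytes:
    """Seed material from the OS CSPRNG (getrandom()/urandom/BCryptGenRandom
    underneath); nobody else, and in particular no website, has seen it."""
    return os.urandom(nbytes)


def seeded_prng(seed: bytes) -> random.Random:
    """Seed a plain (non-cryptographic) PRNG from locally generated bytes."""
    return random.Random(int.from_bytes(seed, "big"))


def hkdf_sha256(secret: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF extract-then-expand (RFC 5869) with HMAC-SHA256."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()          # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                       # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def restricted_demonstrable_random(group_secret: bytes, public_beacon: bytes,
                                   purpose: bytes = b"draw", length: int = 32) -> bytes:
    """Derive a value that only holders of group_secret can compute, yet which
    none of them could have steered: group_secret was shared before
    public_beacon existed, and public_beacon is the trusted third party's
    demonstrably random output. The beacon is used as the HKDF salt and the
    secret as input keying material (an assumed, not prescribed, arrangement)."""
    return hkdf_sha256(group_secret, public_beacon, purpose, length)


if __name__ == "__main__":
    rng = seeded_prng(local_seed())
    print("PRNG sample:", [rng.randint(1, 49) for _ in range(6)])
    # Constructed placeholder values; a real beacon value would be fetched later.
    secret = os.urandom(32)            # shared with the group in advance
    beacon = b"constructed-public-beacon-output"
    print("group-only value:", restricted_demonstrable_random(secret, beacon).hex())
```

Changing either input changes the output, so a group member who dislikes the result cannot re-roll without a new beacon value, and an outsider who knows the beacon still lacks the secret.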

Gilles 'SO- stop being evil': @PaulUszak They don't provide “pseudo seeds”. A pseudo seed would be deterministically generated from some other seed. They provide the conditioned output of an unpredictable physical phenomenon. An actual TRNG would be an _unconditioned_ output of an unpredictable physical phenomenon and therefore too biased to be directly useful.

Paul Uszak: Err, are you confusing a TRNG with its upstream entropy source? TRNGs are pretty much unbiased by definition. And aren't your 3 examples exactly pseudo seeds as they are generated by pseudo random number generators like (ChaCha + state)?

Gilles 'SO- stop being evil': @PaulUszak That's the usual definition of TRNG: the physical source before conditioning. Of course the word is often used metonymically to mean a physical object that contains both a TRNG and a conditioning circuit. Whatever you wish to call it, there are two concepts here: the entropy source, which has outcomes that are unpredictable but does not produce _uniformly_ random bits, and the whole package of entropy source plus conditioning, which produces uniformly random bits. The output of the whole package is not _pseudo_random: it is not derived deterministically.

I'm assuming that you're interested in those truly random seeds generated physically as part of a classic TRNG ($H_{in} > H_{out}$), and my answer is tailored accordingly.

I would avoid by virtue of them not publishing exactly how the numbers are generated. "Atmospheric noise" is not a randomness generation and extraction technique in itself. Secrecy $\ne$ randomness. For all we know, they might use some linear congruential generators and lie about it. Although I have to accept that their numbers do seem statistically indistinguishable from random.

I'd also pretty much rule out the inbuilt CSPRNGs in modern computer kernels. Since the venerable /dev/random was sabotaged out of existence (Cui bono?), all you have left are pseudo random generators and not classic Kolmogorov TRNGs.

So that leaves two newcomers. There's the Ozzie ANU QRNG using vacuum zero point energy, and of course mine at using (currently) a web camera.

Since you question the randomness of these sources, you have realised that there are varying levels of randomness in TRNGs depending on their final output entropy bias, $\epsilon$. NIST recommends $\epsilon < 2^{-64}$. I don't have bias figures for the others' TRNGs above, but's output bias is estimated to be a ridiculous $\approx 2^{-10,000}$. That's simply due to the input/output numbers across the randomness extractor in accordance with the left over hash lemma. I just waste a lot of the entropy.

We don’t know whether contemporary pseudo random functions like SHA-2 can output blocks with so little bias as it’s impossible to generate the requisite massive data sample for analysis. My question on this matter remains open unfortunately.
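An added worked example of the bias figures in this answer (not the author's code or any of the named generators): the leftover hash lemma says that a 2-universal hash taking $k$ bits of min-entropy to $m$ output bits is within $\epsilon = 2^{-(k-m)/2}$ of uniform, so a target $\epsilon$ dictates how many raw source bits must be "wasted" per output bit. The block computes that budget for a constructed biased source and then runs a genuine 2-universal extractor (Toeplitz hashing over GF(2), the family the lemma is proven for) rather than SHA-2, whose suitability is exactly the open question the answer ends on. The source model, bias value and seed handling are assumptions for illustration.

```python
import math
import os
import random


def min_entropy_per_bit(p_one: float) -> float:
    """Min-entropy of one i.i.d. biased bit with P(1) = p_one: -log2(max(p, 1-p))."""
    return -math.log2(max(p_one, 1.0 - p_one))


def input_bits_needed(output_bits: int, eps_log2: int, h_per_bit: float) -> int:
    """Leftover hash lemma budget. For eps = 2^-eps_log2 we need
    k >= m + 2*eps_log2 bits of min-entropy; dividing by the min-entropy per
    raw bit gives the number of raw source bits to feed the extractor."""
    k_needed = output_bits + 2 * eps_log2
    return math.ceil(k_needed / h_per_bit)


def biased_source(n_bits: int, p_one: float, rng: random.Random) -> int:
    """Constructed stand-in for a physical source: i.i.d. bits with P(1)=p_one,
    packed MSB-first into an int. (A real source would be the camera/ADC feed.)"""
    x = 0
    for _ in range(n_bits):
        x = (x << 1) | (1 if rng.random() < p_one else 0)
    return x


def toeplitz_extract(raw: int, n_bits: int, m_bits: int, seed: int) -> int:
    """2-universal Toeplitz hashing over GF(2). Row i of the n x m Toeplitz
    matrix is seed bits i .. i+n_bits-1 (entry depends only on i+j), and
    output bit i is the inner product of that row with the raw bits, mod 2.
    seed must hold n_bits + m_bits - 1 uniformly random bits."""
    mask = (1 << n_bits) - 1
    out = 0
    for i in range(m_bits):
        row = (seed >> i) & mask
        out = (out << 1) | (bin(row & raw).count("1") & 1)
    return out


def extract_demo(p_one: float = 0.7, m_bits: int = 256, eps_log2: int = 64,
                 rng_seed: int = 1) -> dict:
    """Size the input from the target bias, draw that many biased bits, extract."""
    rng = random.Random(rng_seed)            # deterministic constructed source
    h = min_entropy_per_bit(p_one)
    n = input_bits_needed(m_bits, eps_log2, h)
    raw = biased_source(n, p_one, rng)
    seed_bits = n + m_bits - 1
    seed = int.from_bytes(os.urandom((seed_bits + 7) // 8), "big") & ((1 << seed_bits) - 1)
    return {"min_entropy_per_bit": h, "raw_bits_used": n,
            "output": toeplitz_extract(raw, n, m_bits, seed)}


if __name__ == "__main__":
    r = extract_demo()
    print(f"{r['min_entropy_per_bit']:.3f} bits of min-entropy per raw bit, "
          f"{r['raw_bits_used']} raw bits consumed for 256 output bits")
    # The answer's 2^-10000 figure: the same budget at eps_log2 = 10000.
    print("raw bits for eps = 2^-10000:", input_bits_needed(256, 10000, r["min_entropy_per_bit"]))
```

With `p_one = 0.7` each raw bit carries about 0.515 bits of min-entropy, so meeting $2^{-64}$ on a 256-bit block already consumes about 746 raw bits, and the $2^{-10,000}$ figure needs roughly forty thousand, which is the "waste a lot of the entropy" trade-off in numbers.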


