We know that "random" numbers that we generate in our code are really pseudo-random. They, in the case of Java, default to using the timestamp as a random seed and every random number produced after that is deterministically created from
If you use random numbers to generate a password and a malicious party knows what day you generated that password, they would only have to iterate through each millisecond in that day. That would be 1000 * 60 * 60 * 24 = 86.4 million. This is not a very big number of guesses for a sophisticated party. Edward Snowden famously warned, "assume your adversary is capable of one trillion guesses per second."
The problem is, how do we produce truly random numbers? What I'd like is to sample 16-bit audio from the microphone of my laptop and use the least-significant 8 bits of two samples to form a seed. The idea here is that the least-significant part of an audio signal is where the noise is carried. For example, here are a few two-byte values from a 16-bit sample recorded in a relatively quite place:
0,19
0,38
0,-49
1,93
1,-29
1,-80
You can see that the most significant byte is 0 or 1, which means the wave being recorded was barely registering. On the other hand, the least significant byte value is jumping all over the place. That's a fertile ground for random seeds!
It would be nice to have a utility that easily produces random numbers and random pass keys using the noise signal producedby the real-world noise around us.
Aucun commentaire:
Enregistrer un commentaire