Did you know that you might owe your credit card security to a wall of lava lamps? That atmospheric noise might have been the reason why you won your last sweepstakes prize? Or that radioactive decay could be protecting your identity? Here are some of the weirdest and wackiest real-world methods that random number generators use to stay unpredictable.
Why True Random Number Generators Need Real-World Seeds
If you want to generate a random number to play a game or to decide who is going to take out the groceries this week, you might use a tried-and-true method like rolling dice or flipping a coin. But if you want to protect people's privacy and security on the internet, you need a much stronger way of picking random numbers.
For cryptography to be strong enough to deter thieves and hackers, it needs to be unpredictable. And computers are very bad at unpredictability. In fact, they are programmed to be as reliable as possible so every time your computer runs a program, it works the same way. While a computer can generate a random number, it needs to be instructed how to do so. And anyone who knows those instructions can predict the numbers the program will come up with.
To be secure, true random number generators (TRNGs) need to use an unpredictable element, something that a hacker can't guess, even if they know the program's code. To do this, the TRNG usually takes something from the real world, to "seed" the random numbers that the computer picks.
Here are some of the strangest real-world seeds that random number generators use to foil hackers:
1. A Wall of Lava Lamps
Cloudflare is a company that, according to their website, "powers nearly 10% of all Internet requests for more than 2.8 billion people worldwide." Among other things, they protect websites from DDOS attacks and other hacks. So needless to say, their encryption must be impeccable. They need to seed their encryption programs with a truly random, unhackable number — but how?
For a long time Cloudflare used, believe it or not, a wall of lava lamps called LavaRand to seed their random number generator.
LavaRand sounds wacky, but it worked well. A camera pointed at the LavaRand took a video feed of the highly-unpredictable flow of lava and fed it into "cryptographically-secure pseudorandom number generators." The result was even more unpredictable than the random number generator in the Linux operating system. This provided an additional layer of security to the over 10,000,000 apps and APIs that Cloudflare protects.
One of the easiest to use and most reliable sources of true random numbers is Random.org. Their random number generators, which are used for lottery and sweepstakes drawings, online games, and much more, are powered by — thunderstorms.
Random.org uses radios that are tuned between stations to pick up differences in atmospheric noise, which is mostly influenced by thunderstorms and lightning strikes. Every day around the world, there are about 3 billion lightning strikes, so there's plenty of variation.
Random.org measures atmospheric noise in different locations around the world with a high degree of accuracy, which makes it very hard to predict. In fact, you'd have to be able to monitor every particle in the Earth's atmosphere to do so.
The level of accuracy is important because higher accuracy is harder to guess or predict. For example, it's pretty easy to guess that the temperature on a sunny day is in the 80s. It's much harder to guess that it is 82.17 degrees.
If you measure with a high degree of accuracy and then use only the decimal place numbers, your random number generator is practically impossible to predict.
If you want to know whether you can trust the results, Random.org has a statistical analysis of whether atmospheric noise really works as a random number generator.
3. Your Own Movements
The Linux operating system powers computers, servers, home appliances, and even the International Space Station. It needs to have a trustworthy random number generator available for various purposes. It achieves this goal by tracking its users — or, at least, their movements.
The Linux kernel has a large pool of random numbers to draw from. As random numbers are requested, it replenishes the number pool by tracking mouse movements and keyboard inputs from its users with a high degree of accuracy, as described above.
So if you're using Linux to generate random numbers, you could actually be the seed.
If you'd like to see this random number generator in action, try it out at this Mouse Pointer Random Number Generator. If you want, you can test it by checking whether each digit appears approximately as often as the others.
4. Radioactive Decay
Most of these ways of seeding random number generators are impossible to predict, but still deterministic — which means that they are predictable, in theory. We don't currently have the computing power to track every particle in the Earth's atmosphere, but if we did, we could crack Random.org's atmospheric noise patterns. But the HotBits service at Fourmilab in Switzerland uses a truly random seed source: radioactive decay.
Radioactive particles shoot off electrons at an unpredictable rate. Truly unpredictable. It's not just that we don't have the know-how to estimate when the next particle will be released, it's that the decay is random down to its core. "Even given complete knowledge of the laws of physics as well as the atom’s initial conditions" you can only, at best, come up with a probability of when the next electron will be released, according to an article on American Scientist.
Random number generators like HotBits use a Geiger counter to measure when the electrons are emitted to come up with truly random numbers.
Lasers are another way of generating truly random numbers, with the added benefit that you can use them without needing expensive and dangerous radioactive material. Lasers have the added advantage of providing random numbers very quickly.
For example, researchers developed a chip that tracks the protons that lasers randomly emit. The rate at which a laser emits protons is as random as the rate at which radioactivity emits electrons. The chip then turns the results into electric voltage which can be measured and converted into random numbers.
Random number generators are crucial to the way our internet runs, the way prizes are awarded in giveaways, the way we protect our identities and our financial information. By using innovated, unexpected, and even wacky methods to ensure numbers are truly random, we keep all of these vital activities running as they should.