-
Notifications
You must be signed in to change notification settings - Fork 0
True Randomness vs. Pseudo‐Randomness
AmberIsCoding edited this page Oct 5, 2024
·
1 revision
Understanding the differences between true randomness and pseudo-randomness is core to understanding why this project exists in the first place. Below is an explanation of both types of randomness, their security implications, and how this password generator leverages both local and external randomness sources, including drand.
Pseudo-randomness refers to sequences of numbers generated by deterministic algorithms that only appear random but can be reproduced if the initial conditions (seed) and algorithm are known.
- Source: Generated by algorithms such as Linear Congruential Generators (LCGs) or Mersenne Twister.
- Predictability: If the seed and the algorithm are known, future values can be predicted.
- Use Cases: Suitable for simulations, modeling, and situations where security isn't a primary concern.
- Linear Congruential Generator (LCG)
- Mersenne Twister (widely used for general-purpose applications but not secure for cryptography)
True randomness comes from physical processes that are inherently unpredictable, such as thermal noise, radioactive decay, or atmospheric conditions.
- Source: Hardware-based Random Number Generators (HRNGs) that leverage physical phenomena.
- Non-Predictability: True randomness is non-deterministic, providing higher entropy.
- Use Cases: Critical for cryptographic systems where high security is paramount.
- drand Distributed Randomness Beacon
- NIST Randomness Beacon
- Predictability: Pseudo-random numbers are predictable if the seed or algorithm is compromised, making them unsuitable for secure password generation.
- Entropy: True randomness offers significantly higher entropy, reducing the likelihood of successful brute-force attacks.
- Best Practice: Combining both pseudo-random and true random sources can provide enhanced security by introducing layers of unpredictability.