-4

Random number generators depend on a good seed in order to provide real random numbers. One source for a good seed is to take the input of the user, since human behaviour is not deterministic.

One way to do that is to let users enter some characters and measure the time between the keystrokes. Here is some code to illustrate this:

        Console.WriteLine("please enter some text (at least 10 characters)");
        DateTime startDateTime = DateTime.Now;
        List<double> timeStamps = new List<double>();
        ConsoleKeyInfo cki;
        int cnt = 0;
        do
        {
            cki = Console.ReadKey();
            double timeStamp = DateTime.Now.Subtract(startDateTime).TotalMilliseconds;
            timeStamps.Add(timeStamp);
            cnt++;
        }
        while ( (cki.Key != ConsoleKey.Enter) || (cnt<3) );
        Console.WriteLine();

The code above measures the time between the keystrokes, which are saved in array timeStamps.

Using this human data, we calculate a seed like this:

        double sum = timeStamps.Sum(v => v * 20);
        int seed = Convert.ToInt32(sum);
        Console.WriteLine($"seed: {seed}");

And then we can calculate real random numbers:

        Console.WriteLine("5 random values:");
        Random rnd = new Random(seed);
        for(int i=0;i<5;i++)
        {
            int n = rnd.Next(100, 200);
            Console.WriteLine(n);
        }

I'm interested in your opinion and your thoughts about my approach. Interestingly enough, I have never seen a solution like this on the internet.

Aedvald Tseh
  • _"It is well known that random number generators depend on a good seed in order to provide real random numbers"_ -- baloney. Where did you get that idea? A good PRNG will produce "real" random numbers for _any_ seed (i.e. "real" as in properly distributed...the only way to get **real** random numbers is to use an actual random process to generate them, not a pseudo-random-number-generator, like the `Random` class, such as those found in programming frameworks). – Peter Duniho Jun 10 '17 at 18:38
  • As for your code above, using human input timing is a common approach for generating random numbers, not seeds. For example, electronic gaming machines (e.g. slot machines, poker games, etc.) often have a PRNG running continuously, where user input causes a random number to be selected based on the current state of that continuously-running PRNG. Your idea is far from new, and Stack Overflow is not an appropriate place to have a general discussion on it in any case. – Peter Duniho Jun 10 '17 at 18:40

1 Answer

-1

Actually I think you misunderstand the concepts a bit.

You are referring to pseudo random number generators. These are built on functions that produce random numbers where each number returned is calculated from the previous number returned. Knowing the first number you get the exact same sequence each time. The output looks random and is sufficiently random for many purposes. Being a known sequence also makes it possible to write tests for specific behavior as you can reproduce the random numbers for each test run. It is basically a known pattern or sequence of numbers.

But assuming the output is cryptographically safe randomness is not secure. Don't generate secrets using pseudo random numbers.

Most languages have modules for creating real random numbers (in .NET it would be the CryptoRandomProvider). These classes use real entropy like combinations of network packages, inputs on mouse and keyboard, disk seeks and whatnot to create truly random numbers. On Linux you would have access to reading from /dev/random, which contains truly random bytes but can also be exhausted.

faester
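Added example, not part of the original question or answer: it reuses the question's seed derivation on constructed keystroke timings to show that the seed fully determines the output and how few bits it can carry, then draws the same range from the OS CSPRNG through `System.Security.Cryptography.RandomNumberGenerator`. The class name `SeedDemo`, the helper names, the sample timings and the 60-second typing window are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class SeedDemo
{
    // Same derivation as in the question: sum of (timestamp * 20), converted to int.
    static int SeedFromTimestamps(double[] timeStampsMs) =>
        Convert.ToInt32(timeStampsMs.Sum(v => v * 20));

    // Same draw as in the question: 'count' values in [100, 200) from a seeded Random.
    static int[] Draw(int seed, int count)
    {
        var rnd = new Random(seed);
        var values = new int[count];
        for (int i = 0; i < count; i++) values[i] = rnd.Next(100, 200);
        return values;
    }

    static void Main()
    {
        // Constructed sample input: elapsed milliseconds at each of 10 keystrokes.
        double[] sample = { 412.7, 655.1, 901.4, 1180.9, 1502.3,
                            1777.0, 2050.6, 2391.2, 2660.8, 3104.5 };
        int seed = SeedFromTimestamps(sample);

        // The seed fully determines the output: same seed, same five values.
        bool reproducible = Draw(seed, 5).SequenceEqual(Draw(seed, 5));
        Console.WriteLine($"seed {seed} reproduces the sequence: {reproducible}");

        // Assumption: 10 keystrokes, all within 60 s. The seed then cannot exceed
        // 10 * 60000 * 20, so it carries at most log2 of that many bits.
        double maxSeed = 10 * 60_000.0 * 20;
        Console.WriteLine($"upper bound on seed entropy: {Math.Log(maxSeed, 2):F1} bits");

        // For values that must be unpredictable, ask the OS CSPRNG instead.
        // RandomNumberGenerator.GetInt32 requires .NET Core 3.0 or later.
        for (int i = 0; i < 5; i++)
            Console.WriteLine(RandomNumberGenerator.GetInt32(100, 200));

        // A 256-bit secret taken directly from the CSPRNG, with no seed involved.
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        Console.WriteLine(BitConverter.ToString(key).Replace("-", ""));
    }
}
```

Whatever the timing source, the `Random(int)` constructor takes a 32-bit seed, so a sequence produced this way can never carry more than 32 bits of unpredictability.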