>>> Plz excuse if inappropriate. Does anyone know of a decent (as in >>> really >>> random) open source random generator? Preferably in PHP or C/C++? >>> >>> Thanks.
Getting back to the initial question, the answer I think is 'no'. You haven't expressed clearly what you want from this RNG, but you're asking in a crypto forum and you said 'really random', which I take to mean you want something that is suitable for crypto applications, like generating keys, feeding key search algorithms, random IVs, nonces and all the other fun stuff we do. I take it to mean you are not just looking for a CS-PRNG. For this you need an algorithm that A) Measures the physical world in a way that translates quantum uncertainty into digital bits with a well defined min-entropy. and B) Cryptographically processes these numbers such that they are unpredictable (in specific ways) and indistinguishable from random. and maybe C) Uses that to seed a CS-PRNG to give you lots of numbers with low overhead and guaranteed computational bounds on the adversary. An algorithm in C, C++ or PHP in isolation cannot offer the necessary properties because those languages can only be used to express deterministic behaviors. The hardware you run on must provide the source of non determinism. This could be by sampling local physical events that happen to be entropic or from a local entropy source circuit, or by reaching out over the internet to other sources (this has issues) or a combination of all three. In a pinch you can look at the whole system as assume entropy is leaking in through its pores, and then sample the system state in complicated ways. But this approach is tightly bound to the chosen system. It is not portable. So knowing this, you can know what to go looking for. 1) A physical source of entropy -> Check your hardware specs 2) An entropy extractor -> http://en.wikipedia.org/wiki/Randomness_extractor 3) A CS-PRNG -> http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator Code for 2 and 3 are spread all over the internet. For 1, buy one, buy a computer that has one or get out your soldering iron. Bill Cox has been discussing his interesting design for such a thing right here. DJ _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
