You would have come across randomness on a computer at a particular point; whether it is playing a game where assets spawn at random locations, writing code that requires random numbers, shuffling a playlist to play a random song next, the whole shebang. Computers use random numbers in everyday applications.
This article contains an affiliate link to purchase OneKey crypto hardware wallets, at no extra cost to you. This helps support my articles.
This begs the question of “are computers truly random?”. How can a device with wires, circuits, logic gates and transistors that are switching on and off billions of times a second able to generate random numbers?
Let me put you out of your misery, computers are not random, on their own at least.
Computers are deterministic.
This is a fancy way of saying that for a given set of inputs, a computer would always produce the same output. A computer cannot just create a number out of thin air. It needs a starting number (seed) and a formula to produce a “random" number. At a high level, this is how Pseudo Random Number Generators (PRNGs) work.
The paradox.
This means that if someone knows the starting number and the formula the computer uses to generate a random number, one can actually generate every random number the computer has generated in the past and would ever generate.
For average users like you and I, this is not a problem in our games and streaming platforms. However for advanced folks, this is an issue as they can literally ‘crack’ the system.
Computers use random numbers beyond games and shuffling your playlist. Web3 wallets use random numbers to generate private keys, Password salts involve the use of random numbers among other secure applications.
Imagine if someone could predict every private key you would ever generate on your device, that’s basically a disaster waiting to happen.
The solution: Entropy
Computers are deterministic and attackers can steal information from memory to predict future random numbers. How then do computers generate “secure random numbers"?
The solution is to look outside its CPU and memory walls and get real-world data.
The world we live in is a chaotic mess of ever-changing data: temperature, photons hitting a surface, traffic data among others.
Computers can use this data to generate random numbers that are secure and unpredictable.
How?
The computer takes real-world data around it using sensors and its hardware, the data is passed into an entropy pool in the operating system and the pool is hashed using a mathematical function. When the computer needs a random number, it takes a snapshot of the pool, applies a mathematical formula with a counter and spits it out.
Why this beats math for security.
Like I said earlier, an attacker could grab the starting number and formula from memory and generate every random number the computer would ever generate.
Using chaotic, real-world data that the OS dumps into its entropy pool, the computer can generate random numbers by looking outside its own self.
A classic example of this is how Cloudflare uses Lava lamps - https://www.cloudflare.com/learning/ssl/lava-lamp-encryption/ to create secure internet connections.
How secure is this?
This method of computer randomness is so secure that it is used to generate private keys for web3 wallets, encrypt passwords and other high-risk security applications.
How does it handle duplicates? Random data is added to the entropy pool every few milliseconds and the hashing formula has a property called the avalanche effect — addition of a small new data causes a big change in the output.
[1,3,6] — 0x1acd.... // current entropy pool
[1,3,6,1] — 0xc176....// entropy pool after addition of new data
Also, the key used with the counter to generate random bytes is destroyed every few seconds. The counter is a nonce (number that can be used once) that cannot be replayed once used.
All of these factors keep the Random Number Generator truly random, very secure and unbreakable.
Are humans any better?
If you are asked right now, to "quickly pick a random number between 1 and 20," your brain feels like it is making a completely free, chaotic choice. But cognitive psychologists have run this experiment thousands of times, and the results show that humans are incredibly predictable.
Our brains are hardwired pattern-recognition engines. We are physically incapable of "making something up" without being influenced by our recent memories, what we are looking at in the room, our cultural biases, and the neural wiring of our brains.
In a strange way, a computer using an entropy pool is actually mimicking us. It uses its "eyes and ears" (hardware sensors measuring heat and noise) to pick a number, just like we use our senses and subconscious memory to pick one.
So, who is truly random?
If "true randomness" means generating a number out of pure nothingness without any prior cause, then neither computers nor humans can do it. We both live in a physical universe governed by cause and effect.
In my next article, we will explore how crypto hardware wallets like OneKey, use randomness to generate secure private keys.
OneKey offers secure hardware wallets whose firmware and hardware designs are fully open-source and auditable right on GitHub. Backed by heavyweights like Coinbase Ventures and Dragonfly, they offer an incredible product lineup.
Click the link below to get 10% off OneKey hardware wallets.
Top comments (1)
Lava lamps were a brilliant solution.