The importance of randomness in online security
Recently updated on
I recently visited the website random.org, which is a free/fee-based generator of random numbers. It's been around for a long time - since 1998. It made me revisit the concept of randomness and how oddly hard it is to achieve.
Why is randomness important?
It's amazing how many things rely on randomness. Wiping a hard drive, for example. Jury selection, military draft, who kicks off the Super Bowl, who wins at Keno. Heat shield design. Calculating probable locations for search and rescue. Buying stuff on Amazon. Your shuffled Spotify playlist. All these things and many, many more rely on random number generation.
Randomness is the core of web-based security as well. Transport Layer Security certificates rely on it to encrypt information in transit between your computer and a website. Database encryption tools rely on it to encrypt your information while it is stored on a website's server. Authentication systems rely on it when you log into a website.
Why is randomness difficult?
It turns out that true randomness is elusive. Most random number generators are based on elaborate mathematical formulae. But these only give the apperance of randomness. Anyone with access to the formula or its pattern might be able to reverse engineer the calculation to determine the next number. Just ask Daniel Corriveau who won $620,000 playing Keno at the Casino de Montreal.
The alternative to math is nature. Selecting some aspect of nature with a high degree of entrophy is the most common method for true randomness. Examples such as electromagnetic or quantum phenomenon fall into this category, as does random.org which uses atmospheric noise captured by an array of radio telescopes.
Why is randomness cool?
The original random.org generator used an old Radio Shack radio set to a frequency of static - the space between radio stations in the days before digital receivers. Static, it turns out, is atmospheric noise created largely by lightning flashes worldwide.
So, next time you're buying something online, take comfort in the fact that you may be protected by the echo of a lighning strike. And the next time you're caught in a thunderstorm, ponder how many websites will be secured whenever the sky lights up.