Sam Quigley writes
What are some of the more common "coincidences" and non-random correlations that ordinary random number generators (ones found in common computer languages that don't take extensive measures to be random) have?
The most common one is "linear correlation" between successive random values. The typical PRNG supplied with compilers is what's called a "linear congruential random number generator", which has something like: S0 = (user supplied seed) Sn+1 = ( a * Sn + b ) mod c Rn = f(n) The choice of constants a, b, and c are critical to the process. A decent practical discussion is in "Numerical Recipes in C". If you take N successive random numbers and interpret them as a point in an N-dimensional space, then the points generated by the linear congruential PRNG don't tend to fill up the space as they would in the "true" random case. They tend to lie on N-1 dimensional planes instead, and when a, b, and c are chosen poorly, sometimes *very* few such planes.
It seems that there's a lot of fuss about getting very random numbers, but unless the numbers produced by ordinary measures have very obvious coincidences, maybe it's a big fuss about nothing...?
If NetScape uses such a PRNG to select 40bit keys for SSL, then the work to be done in brute-force search going on right now might be *significantly* reduced by knowing the planes on which the numbers lie. If the constants are particularly poor, there might be as little as ten or twelve bits of real key. You could search that on a *Newton* in less than an hour or so --- nevermind the MasPars and such being used in the current project.