Curious RNG stalemate [was: use of cpunks]

[Jon Callas]

Be aware in all of this of the Heisenberg-Schödinger Credulity Effect. That effect is that the word "quantum" sucks people's brains out, and otherwise sensible people suffer from impaired reasoning.

It is certainly true that radioactivity is a random effect, and is quantum in nature. That does not mean that in order for a random sampling to be quantum, it must be based on radioactivity; there are other quantum sources of randomness. Noisy diodes, resister noise, CCD noise, etc. are all quantum. If you want to get picky, *all* physical effects are quantum, even ones that aren't usefully random. There is nothing magic about one physical source or other that makes it more suited for crypto. Thinking that a hardware source should be radioactive is affirming the consequence, as well.

Not does it mean that a radioactive (or other) source is suitable for cryptography without some sort of conditioning. Hardware sources are often biased in distribution, or have other numeric flaws that can be fixed with a whitening function.

In short, radioactivity is neither necessary nor sufficient for cryptographic use. If you want to use a source for crypto, you want to run it through a system like /dev/random or at the very least a DRBG to give clean outputs.

Furthermore, what we really want in crypto is what I call "unguessability." This is both weaker than true randomness and stronger. It's stronger in that the numbers have to remain secret. A completely random process that everyone knows is completely unsuitable for crypto, but a weakly entropic input can be jiggered into suitability.

To sum up -- don't get wrapped around the axle about radioactivity. It's not the only random process in the universe, and you have to do a lot of work once you have it. The sort of work that you need to do is precisely what a well-done OSRNG does.

	Jon