There are a number of ways of obtaining relatively decent random numbers, such as shuffling cards (a lot... e.g. weeks and weeks) or using a lottery ball (it's this big container full of balls with numbers on them, buffeted by air, it is actually quite effective at being random, at least good enough for things like powerball lotteries).
However, I'm not talking about those toys, but something infinitely more complex, the stock market. Don't think "how absurd" until you've read my entire argument.
Your best shot at getting randomness is monitoring timing differences between keystrokes, mouse positions, keystrokes, timing between mouse movements, your screen, disk access times etc, and taking the hash of all of it. Then repeating that process constantly. Something like this is how your operating system gets randomness anyway. I don't know if this is random enough for a OTP, but it is random enough for you to use for other cryptographic algorithms, or at least it is what you have to work with anyway. Actually many modern CPU's have their own RNG's built into hardware, although I am not sure the specifics of how these RNGs work, something with thermal noise. Actually even a microphone input can be used to generate random numbers quite well.
The cool thing about (many? all? definitely some.) cryptographic hashing algorithms is that they can distill and uniformly distribute randomness. If you have fifty megabytes of data which has three bits of randomness total contained within it, the cryptographic hash of the fifty megabytes of data will also contain three bits of randomness. A SHA256 output is always 256 bits, so if you hash 50 megabytes with 3 bits of randomness, the output is 256 bits 3 of which are random. Cryptographic hashing algorithms also evenly distribute the randomness of their input into their output. If a fifty megabyte file that starts with one random byte and is followed by only non-random bytes, the cryptographic hash value of the file will contain one byte of randomness equally distributed throughout it.
So in summary I am less concerned about the ability to generate randomness than I am with the problem of sharing the generated randomness between the people who would use it for a one time pad.
In case you don't think the stock market could ever be sufficiently random, it can! Because markets actually are attempts (from a high level perspective) to incorporate all information about the world into them. Prices are a very very concise numerical synopsis of an absolutely terrific quantity of information.
to rip off XKCD....
#include <stdio.h>
int main()
{
printf("%i", rng());
return 0;
}
int rng()
{
int random_number = 4; //returned by a fair die, certain to be random
return random_number;
}
inefficient does not imply consistent predicative power, which is perfect for us and frustration for arbitragers).
Now, there is a caveat or two with this idea. Markets are not perfectly efficient because they are not frictionless, meaning that some differentials won't be arbitraged because of trading fees and commissions, or taxes. This will be a problem for your seed, this is something that is in between irrational patterns (inefficiency) and unpredictability (efficiency) that could produce consistent price behavior. You will need to come up with another mechanism for avoiding these situations, a delicate issue, but I think a manageable one.
Why not just 'randomly' type on the keyboard until you have hit a thousand keys, and then take the SHA 256 hash value of the output? Most estimates say that English has one bit of randomness per character, so it seems safe to assume that your output is a truly random 256 bit number.
19c41bf387172d7eb28fe1997af60a1e8a9b22bc56f01a772cccd6cbde8f84ef is the SHA 256 value of the previous sentence, I think it is probably 256 bits of randomness, since English prose contains about one bit of randomness per character and the sentence was 289 characters long.
1. The stock market can be a source of superb random information (for two reasons, paradoxically, efficiency and irrationality)
2. Everybody has access to the data from all over the world and many channels.
3. Price prediction and seed poisoning is impractical due to information races.
--
Result: A civilian may be able to build highly sophisticated One Time Pads from the stock market(s).
A. Pounding on my keyboard and hashing the result is probably a good enough source of randomness for a OTP.
B. That doesn't solve the problem of key exchange, which is the real issue.
Show Posts
. That said, even RSA 2,048 and AES-128 are more than enough to secure your communications here. I hear that a lot of progress is being made with quantum computer based cryptanalysis and that RSA and ECC are likely doomed, but there are some quantum resistant multivariate quadratic polynomial based algorithms that look promising for the future. Honestly I don't understand the details of such advanced mathematics though.