For secure encryption of the information, randomness is very important. The new key that is used by the computer for encrypting data has to be truly random so that attacker cannot figure out the key and decrypt the data. However, based on the given input, logical outputs cab be provided by the computers. The design of the computers is not for producing random data that is required to generate unpredictable encryption keys. A computer should have a random source of data for producing unpredictable encryption keys which are necessary for chaotic data to get strong encryption. One of the great sources for randomness is the real world because various unpredictable events occur in the physical world.
For example – random lava lamps. The shape of the lava in the lava lamp will never be similar again and a great source for random data is observing a group of lava lamps. You can collect the data by arranging 100 lava lamps on one of the walls present in the lobby. Place a camera in a position so that it can click photos of lamps after regular intervals. The computers stored all the digital images as a series of numbers in which every pixel has its own numerical value. This makes every image a string of totally random numbers. These numbers are used by the servers to create secure encryption keys. A highly strong SSL/TLS encryption is provided by the company to their customers because of these lava lamps.
In cryptography, random is not considered just as statistically random rather it also referred as unpredictable. For example – suppose you are rolling a single six-sided die two dozen times then the following results will come:
1,2,3,4,5,6,1,2,3,4,5,6,1,2,3,4,5,6,1,2,3,4,5,6
In the language of statistics, it is considered as the random distribution of die-rolling results. The probability of every number is equal to being rolled that is why the above-mentioned sequence would appear. This is not an unpredictable sequence and an attacker can easily crack out the pattern if you use this series for encryption.
Since predictable data can be guessed easily that is why encrypted data has to look like completely random data. If any specific pattern or certain values are used for encryption of data or display of certain order consistently then the attacker can easily guess the key used for encryption by applying mathematical analysis. The encrypted data might already have been compromised if it is predictable. The encryption process is also predictable:
But the important thing that cannot allow a hacker to access the information is encryption keys that should be unpredictable. For example – suppose there are 2 poker players. The first one always bets with good cards and declines to do bet with bad cards. The second one always mixes his/her betting strategy so that pattern will not repeat. After that, both players enter in the same poker tournament but the second person stays for longer in the game as compared to the first one because this person is very predictable. Similarly, if the same patterns are used for encrypting data then it is too predictable for the hackers.
Computers cannot create randomness because they run on logic and statements includes if-then run computer programs. For example – If the specific condition is completed, then certain actions need to be performed. The input and output of the program results will be the same each time because of the design. The input should enter that can lead to an expected output and not an unexpected one. If the printer printed any random text different from the text mention in the document, then the chaos will occur. The usefulness of computers is only maintained until they are reliable and predictable. However, this predictable turn out to be a liability when it comes to creating secure encryption keys. Most computer programs are good to simulate randomness but they are not good enough to generate encryption keys.
A pseudorandom number generator (PRNG) is a software program that can take an unpredictable input. This program is used to create unpredictable outputs. Theoretically, PRNG has the capacity to produce an unlimited number of random outputs from a random input. This algorithm is known as pseudorandom or not random because the outputs that come are not completely or perfectly random. This is because of 2 major reasons:
A PRNG that meets more stringent standards is referred to as a cryptographically secure pseudorandom number generator (CSPRNG). It makes cryptography safer to use. There are two requirements met by CSPRNG but not by PRNGs:
Just like PRNG, random data is needed for CSPRNG (cryptographic seed) that is considered as an initial point from which more random data can produce.
The data that CSPRNG starts to create random data is called a cryptographic seed. Theoretically, a CSPRNG produces an unlimited number of random outputs from one cryptographic seed. It is a secured method to refresh the cryptographic seed regularly. The initial cryptographic seed may eventually compromise by an attacker. If the same seed will be given to CSPRNG then the exact same output will produce again and in this condition, the attacker could duplicate the random outputs.
Several operating systems have their own random data source to use in cryptographic seeds. For example – user actions such as mouse movements, typing on a keyboard, etc., but this may take time to obtain the data. Our company mixes the random data that is collected from lava lamps.
When people enter the busy lobby of the lava lamp wall then they walk there and stop talking in front of the lamps. The camera captures some obstructions that become part of the randomness. So, the camera view is partially blocked by the people of the lava lamps that help to generate entropy.
Leave Comment