Talk:Hardware random number generator
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||
|
Text and/or other creative content from Hardware_random_number_generator was copied or moved into Draft:Comparison_of_hardware_random_number_generators. The former page's history now serves to provide attribution for that content in the latter page, and it must not be deleted as long as the latter page exists. |
check link!!
[edit]http://freehg.org/u/olau/random/ there pornosite now —Preceding unsigned comment added by 94.45.73.56 (talk) 18:38, 13 May 2011 (UTC) What
What's your problem with porn?
half truths
[edit]This article needs lots of work: it's full of half-truths. — Preceding unsigned comment added by Unknown user (talk • contribs)
- I rewrote most of the article trying to use the review sources and more modern approaches to TRNG construction. --Dimawik (talk) 07:21, 11 September 2023 (UTC)
XOR and bias
[edit]I quote the article in its current state: "Let the probability of a bit stream producing a 1 be 1/2 + e, where -1/2 < e < 1/2. Then e is the bias of the bitstream. If two bit uncorrelated bit streams with bias e are exclusive-or-ed together, then the bias of the result will be 2e^2."
In fact, the actual answer is -2e^2. For example, suppose you XOR two bitstreams together which have a bias of e=1/2. By the definition above, this means that both bitstreams produce ones every time. Since 1 XOR 1 = 0, the resulting bitstream would have a bias of -1/2, which is equal to -2e^2. You can prove the general case youself easily.
A while ago, I fixed the answer in this article to be -2e^2 but Matt Crypto reverted my change. He incorrectly cited the Piling-up Lemma. But the piling up lemma defines the bias differently: in the Piling-up lemma, the bias is e if the probability of the bitstream producing a 0 is 1/2+e, whereas this article defines the bias as e if the probabilitiy of produccing a 1 is 1/2+e.
I have corrected the article again. Hopefully Matt Crypto will read more carefully before reverting good changes in the future.
--DavidGrayson 17:58, 19 February 2006 (UTC)
This section claims you can improve a near-random bit stream by XORing with the output of a Blum-Blum-Shub generator or a good stream cipher. This does make the stream, seen by a naive observer, have good statistical properties. But it is not cryptographically useful, since, in the absence of a secret seed for the auxiliary generator, an attacker can simply remove the effect of the auxiliary generator and take advantage of the known bias and correlation of the hardware generator.
I started to edit the article, casting the suggestion as a "proposed improvement", and explaining the above, but then I realized that a variant strategy would be to take a prefix of the hardware generated entropy and use it to seed the PRNG. This got too complicated to explain to Wikipedia quality in the time I have at hand. But I urge somebody to do something about this misinformation. Maybe the paragraph should just be deleted.
DMJ001 (talk) 23:48, 9 January 2009 (UTC)
trancendental numbers
[edit]article contains the phrase:
- "or even trancendental number such as pi, or e, or phi."
I am not sure what number the author refers to by phi. Phi is somtimes used the represent the number called the 'devine ration' or 'golden section'. That number is not a trancendental number but a simple algebraic number.
I haven't edited, because I don't know if phi also refers to some well known trancendental number.
- You are right, and I have edited it to a more correct state. Dysprosia 12:08, 22 Aug 2003 (UTC)
Hello. This is an interesting article. I have reworked the introduction. The main change has been to emphasize hardware rng in the intro; the previous rev had a lot of stuff about pseudo-rng's, which is interesting but a digression in the intro. Yes, it is necessary at some point to contrast the two, but putting that before a description of hardware rng's seems to be putting the cart before the horse. -- There is also a depreciative tone in the comparison with pseudo-rng's, to the effect that pseudo-rng's are bad because they're not really random. Well, that's a feature, not a bug; whether it's a problem depends on the purpose for which numbers are needed, and this article needn't, and shouldn't, take a stance one way or another. Happy editing, Wile E. Heresiarch 14:58, 31 Mar 2004 (UTC)
Revision
[edit]I made a pass at editing it. I moved the section about attacks on RNGs to the random number generator attack article. I also deleted the paragraph on using lossless compressing to improve entropy. I am not aware of anyone who does that and I'm not sure it would work on a stream that was close to random.
It could still be tighter. --agr 21:41, 9 Dec 2004 (UTC)
Why isn't this located at True random-number generator? --Smack 23:26, 22 Dec 2004 (UTC)
- There are some who question the existance ot "true random numbers." I'm not one of them, but it's perhaps best to use a more neutral title. You're free to add a redirect if you wish. --agr 04:50, 23 Dec 2004 (UTC)
- There's a lot to be said for not making bold claims in titles, but this article's present title strikes me as short-sighted and misleading. I've noticed a tendency among Wikipedists (and others) to, when describing a phenomenon, note its superficial aspects rather than its essential aspects. In this case, the essence of an RNG of this type is that its randomness is based on some acceptably random physical phenomenon (ex. radioactive decay), rather than just an algorithm. The fact that it is implemented in "hardware" is entirely secondary, but also inaccurate, as any RNG must include both "hard" and "soft" components. --Smack 19:09, 3 Jan 2005 (UTC)
- The use of the word "hardware" to distinguish RNG's based on random physical processes from PRNGs is common in the field and antidates Wikipedia. The best terminology might be to reserve "Random Number Generator" for those based on random processes and use Pseudo-Random Number Generator for algorithm only methods. Unfortunately, that would mislead too many people because so many computer programming languages have a "Random Number Generator" that is in fact pseudorandom. I believe the word hardware has stuck because it makes the point that users need something beyond what is in the normal computer CPU to be assured of unpredictability. Anyway, its an established term of art and Wikipedia should respect that. It may make sense to work this discussion into the article, however. I may give that a try. --agr 22:17, 3 Jan 2005 (UTC)
Naming
[edit]I've moved this back from "Hardware random-number generator"; usage seems to favour leaving out the hyphen. See this Google test. — Matt Crypto 19:04, 23 Dec 2004 (UTC)
Question on existance of randomness
[edit]I removed the annon. question "This also raises the question whether true randomness exists?" from the "Contrast with pseudo-random number generators" section. A theoretical basis for the existance of true randomness lies in the laws of Physics. See the articles and discussions on Quantum Mechanics and in particular the Bell test experiments. --agr 11:34, 16 May 2005 (UTC)
At the quantum level, nature is not deterministic, and unlike dice and roulette wheels, which are strictly chaotic (deterministic but unpredictable on long timescales). However, it is a philosophical point whether the unrepeatable nature of quantum observations is due to true randomness or merely the fact we can't know all the initial conditions perfectly (due to the Heisenberg uncertainty principle). — Preceding unsigned comment added by 92.27.55.215 (talk) 15:11, 26 April 2012 (UTC)
- How did you prove that nature is not deterministic exactly? These numbers generators are simply claimed to be random, not proven to be. Any code appears to be random before you figure out how it works. The whole article needs changing to reflect the fact that these are claims not facts. — Preceding unsigned comment added by 24.207.136.200 (talk) 14:26, 21 December 2014 (UTC)
- You could make the same argument about everything on Wikipedia -- "you can't know anything with absolute certainty, therefore these are claims not facts". But the article reflects current scientific consensus that some quantum processes are truly unpredictable. But the sourcing could certainly be better.
- As for How did you prove that nature is not deterministic exactly?, you can study quantum mechanics if you want to know the long answer. You shouldn't expect anyone on Wikipedia to come up with the proofs, that would be original research. -- intgr [talk] 02:30, 22 December 2014 (UTC)
- I agree, but would argue that the discussion on the true randomness in general is beyond the scope of this article, which is about a practical device to generate the "good" random numbers. As a practical device, the question of the source being ideally random or the problem being just not solvable at the current state of science, is immaterial: if an adversary cannot crack the source, the output of the latter is just as good as a perfect random bit stream; NIST would use the words "full entropy" to describe the randomness that is extremely close to the perfect one. Furthermore, a practical device can be broken not just by the unsound science behind it, but (more often and in more profound ways) by bad implementation, physical damage to the components or a deliberate attack. Therefore at the practical level the problem becomes more of (1) "is the science behind the source good enough?", (2) "what testing do we perform to ensure that the source is not broken?", (3) "can an adversary exploit the physical limits of the analog source?". Dimawik (talk) 23:26, 6 August 2023 (UTC)
Unilateral edits
[edit]I hate to be a drive-by editor, but reading this page gives me enough of a headache to want to fix it. Most Wikipedia articles grow without bounds and this one is no exception.
I can't even tell if it's trying to be about hardware RNGs attached to a computer (that seems to be the intent and would be how I'd classify a hardware RNG) yet it has significant discussion of traditional random sources such as cards and dice. I hate to do a hack-n-slash job on the article, but that's what I'm sorely tempted to do.
The text about early uses of random number tables belongs somewhere but it has little to do with hardware RNGs. Ditto with the comment about Galton, applications of random numbers, etc. Is there a need for an article on the history and uses of random numbers? I could start one; it would be an interesting topic to research. There are several articles where snippets of random number history are randomly duplicated, and such an article would also give the "state of sin" people a place to get the von Neumann quote off their chest once and for all. (That joke's a funny-once... at best.)
The information about bias, software whitening, etc. seems a bit too detailed for this article. It's interesting (and perhaps useful) without a doubt, I just feel it's overkill for an overview-level article about hardware RNGs. Again, worthy of a place, just probably not here and certainly not at the level it's currently at. 12.103.251.203 01:15, 2 April 2006 (UTC)
- 12,103...,
- I think your expectations for such an article are misplaced. Random is a very subtle and difficult concept. All of the considerations here are apposite for randomness, and the various methods attempting to make real hardware generators are relevant. Your objection seems to be that this is not the overview article you wanted to see. Perhaps there should be a Randomness -- an overview article. I agree that it might be interesting to research, and I think i'd probably want to contribute to such a thing. As for the snippets observation, well you're right. However, there is no requirement for minimum word expenditure in any particular content area. Randomness being so tricky and so routinely fumbled by those accostomed to it, WP is fully justified inattempting to include some perspective in places readers might need it. And note avoiding duplication, however annoying to the well-informed.
- In short, while I sympathize with your plaint, I can't agree that it's quite right for this article. ww 03:09, 4 April 2006 (UTC)
- My approach to WP:DUE is simple: if a review of HRNGs in a peer-reviewed publication mentions the fact, then we can, too. In particular, Galton and random number tables are easy to find in such reviews, so the 24-position dice contraption and 400-page books qualify as proto-HRNG and a product of the first electronic RNG respectively. Most other subjects you have mentioned (bias, software whitening) went completely out of scope by becoming obsolete. With almost no sources, I have simply removed them. Dimawik (talk) 07:31, 11 September 2023 (UTC)
Physical basis
[edit]The section on the physical basis for randomness had some negative information content, confusing quantum and thermal noise. I revised it, but it could use some more work; e.g., I didn't find a precise citation in the statistical mechanics articles for the statement I wanted, namely that every degree of freedom of a physical system at thermal equilibrium has a particular amount of randomness. All this information comes from an undergraduate physics education, but surely one can find articles that give a more complete discussion. --Dylan Thurston 06:18, 10 April 2006 (UTC)
- I did an edit pass and took out statements about thermal noise being predictable in principle (it isn't) and some other unsupported stuff. I think the article you are looking for is the Equipartition theorem.--agr 13:49, 10 April 2006 (UTC)
- Thanks for the corrections. "In ways not easily characterized by the laws of physics" is just right. But I think there is a point to be made about thermal noise vs quantum noise. If you know the complete initial state of a quantum system (like the beam splitter), you cannot predict its future behaviour (modulo potential disagreement about the laws of physics, which should perhaps be acknowledged). OTOH, if you knew the complete initial state of (say) a noisy resistor, you could predict its future behaviour for a while, at least until the underlying quantum uncertainty gets magnified until it has macroscopic effects. Surely this is worth mentioning? I haven't done the calculations; perhaps the magnification in question is very quick and the distinction is not worth mentioning in realistic situations? --Dylan Thurston 23:21, 10 April 2006 (UTC)
- Even if the electrons in a resistor were acting as a perfect classical gas, knowing on the order of Avagadro's number of initial states is totally unrealistic. It certainly has no effect on the construction of hardware random number generators. But the electrons are not a classical gas. If they were, they would instantly radiate all their heat energy due to the ultraviolet catastrophe. Thermal noise from a resistor is essentially the same as black body radiation. The electrons are constrained to a finite, though large, number of energy states and which state they end up in after a collision is determined by quantum probabilities. If I remember correctly the collision rate is on the order of 9 billion times per second per electron at room temp. And there are lots of other effects: inelastic scattering, interaction with photons and phonons, the resistor is in thermal contact with the air, etc. --agr 20:46, 11 April 2006 (UTC)
- +1 agree. Classifying resistor noise and the avalanche noise in a Zener diode under "Physical phenomena without quantum-random properties" is factually incorrect. Even some sources of athmospheric noise are probably quantum in origin. An example of a phenomenon that would be predominantly classical would be the Brownian motion of a nanoparticle in solvent, though I haven't heard of its use in RNGs. OneAhead (talk) 04:11, 15 October 2013 (UTC)
- I changed the verbiage and classification to the ones used in peer-reviewed articles that review the subject. The terminology is muddy by nature (as neatly pointe to by Herrero-Collantes & Garcia-Escartin): in practical electronic devices all sorts of noise are lumped together and hard to isolate, therefore Herrero-Collantes & Garcia-Escartin place such devices into the "classical" (non-quantum) group - but point to (few) counterexamples that I did not copy into the article, as they would not change the fact that, say, Zener diode noise is a gray area with regard to quantum/classical divide. Dimawik (talk) 07:37, 11 September 2023 (UTC)
- +1 agree. Classifying resistor noise and the avalanche noise in a Zener diode under "Physical phenomena without quantum-random properties" is factually incorrect. Even some sources of athmospheric noise are probably quantum in origin. An example of a phenomenon that would be predominantly classical would be the Brownian motion of a nanoparticle in solvent, though I haven't heard of its use in RNGs. OneAhead (talk) 04:11, 15 October 2013 (UTC)
The section "Physical phenomena with quantum-random properties" should only contain Physical phenomena with quantum-random properties. Other phenomena should go into other sections, or the section "Physical phenomena with quantum-random properties" should be renamed. I can't tell them apart. I'd like to know, if my avalanche diode noise is theoretically unpredictable or not, but the current mess doesn't tell. I'll now split the section above the thermal phenomena and if any phenomenon is in the wrong section, someone hopefully will move it. It won't get any wronger this way. Darsie42 (talk) 15:35, 16 September 2009 (UTC)
- I changed the verbiage and classification to the ones used in peer-reviewed articles that review the subject. Dimawik (talk) 07:48, 11 September 2023 (UTC)
truly randomizing in BASIC external link??
[edit]This was added 20 June 06. Seems rather questionable to me. any comments? ww 16:55, 20 June 2006 (UTC)
Truly Random perl module
[edit]I've reworded the mention of this module in the article. It originally said that the module created real random numbers. Someone changed it to say it created pseudorandom numbers. I settled on saying that the writers claim it does real random. Can anyone say for sure? -- BillWeiss | Talk 06:36, 5 October 2006 (UTC)
- Looking at the code, it seems to increment a counter until a timer fires (set for 17 ms), dubiously reduces the counter value to 3 bits, and shifts it into the end of a buffer. It plays roulette 11 times (generating 33 bits) and returns the number in the buffer. It has obvious flaws if the "unsigned" type has more than 33 bits, and it relies so heavily on non-guaranteed entropy that I wouldn't trust it without putting many bits through SHA-1. It also uses the deprecated signal() API, which may cause it to crash on modern versions of Linux when the process is sent SIGALRM). ⇌Elektron 17:41, 21 December 2008 (UTC)
Clock Drift - Company Product and Patent
[edit]An implementation that can be run on a fifth generation (Pentium class) or higher computer is provided by ComScire with their PCQNG software. The PCQNG uses the noise component or jitter produced by Phased Locked Loop circuits in the PC. This implementation is protected by one or more of the following Patents: U.S. Patent No(s).: 6,324,558; 6,763,364; 6,862,605; 7,096,242. See also Design Principles and Testing of PCQNG 2.0. --24.18.145.244 (talk) 05:51, 13 July 2008 (UTC)
- Above comment moved from top of page. ww (talk) 00:42, 14 July 2008 (UTC)
- Looks like a bunch of bogus patents to me. ⇌Elektron 16:14, 21 December 2008 (UTC)
I don't know who first invented this first. At AT&T Bell Labs, I wrote a clock-drift RNG in April of 1984 that used SIGALRM to interrupt a "for (;;) count++" loop. This counted at about 1 MHz on the VAX 11/780, and I called it four times to accumulate a 32-bit number. In 1995, I wrote an improved version that used the millisecond Sleep() routine to sample QueryPerformanceCounter() in Windows, basically exploiting drift between the pentium CPU clock and the system time clock. DonPMitchell (talk) 16:02, 18 June 2009 (UTC)
unsigned ML_TrueRandomUnsigned() { static LARGE_INTEGER nPerformanceCount; static unsigned n; BOOL bResult; int i; for (i = 0; i < 32; i += 8) { bResult = QueryPerformanceCounter(&nPerformanceCount); Sleep(1L); n = (n << 8) | (n >> 24); n ^= nPerformanceCount.LowPart; } return n; }
Oh, OK, I see the article includes a discussion about truerand in Cryptolib. That's what I was talking about above, it uses SIGALRM. I believe my performance-counter version above is superior to the one I wrote for CryptoLib. DonPMitchell (talk) 02:48, 19 June 2009 (UTC)
- I would say that this whole section was out of place here. This physical RNG article is about the dedicated hardware; the clock drift is about getting around the lack thereof. In this respect it is closer to scavenging for entropy in disk spin-up performance and timing of the keystrokes. This subject is important, but it is not a hardware TNG that uses hardware dedicated to the task. Algorithms that hunt for the entropy in other ways are called (by NIST) non-physical nondeterministic random bit generators, they deserve to have their own article. Dimawik (talk) 07:43, 11 September 2023 (UTC)
Early Attempts
[edit]This section contains material about Tippett's 1927 book of 41,600 digits taken from census records. That does not belong in this article, since it is not about hardware (i.e. physical) methods of generating random numbers.
In contrast, the RAND book of 1000000 random digits is appropriate, since those were generated by a physical means: "a random frequency pulse source, providing on the average about 100000 pulses per second, gated about once per second by a constant frequency pulse." And so is the stuff about the lottery technique.
I propose that the mention of Tippett's digits from the census tables be removed. If I don't see any objections in a month or so, I'll do it.
DMJ001 (talk) 04:15, 10 January 2009 (UTC)
- I have to disagree. I assume from the brief description that the random digits were taken from low order digits of census data. If so, this is comparable to other processes that extract randomness from physical phenomena, e.g. low order bits in a digital image. The exact census count of a particular tract is influenced by random events, such as accidental deaths, infectious disease spreads, fertility, etc. Indeed some cancers are caused by radioactivity, with the last mutation presumably dependent on the timing and path of one radioactive particle. The enumeration process itself may have random errors. For example, bad weather, or a vehicle breakdown, may cause a census taker to arrive at a particular dwelling a day later, after a death or birth has occurred that changes the count he would have gotten the previous day. In any case, some latitude in what we include is appropriate in an historical survey, such as the section in question, for completeness. --agr (talk) 11:24, 11 January 2009 (UTC)
- I assume you meant to say that the numbers should not be called random.
- The key idea of a hardware random number generator is that it is based on some physical process that satisfies two criteria: (1) The process is either fundamentally random (photons passing through half-silvered mirror or being reflected to respective detectors, radioactive decay) or is so very complicated and/or chaotic as to defy analysis and modeling (thermal noise, ping-pong balls in the lottery machine), and (2) careful observation verifies the randomness. These properties make each output of the hardware generator unpredictable. Unpredictability allows hardware random number generators to be used in games and lotteries.
- In contrast, the census data does not satisfy the requirements informally laid out above. There is no physical process that is unpredictable. Even if you found statistics from past data that were uniformly distributed and uncorrelated, you could not use them, for example, for a lottery. The people wagering on the lottery would just look ahead in the census data, find the numbers that were going to be the winners, and bet on them. Similarly, in a cryptographic application, an attackers could figure out the keys.
- The same applies to the RAND table, after it was published. But I assert that it is valid for this article because it is one of the first known examples of an electronic hardware random number generator with all the properties we expect.
DMJ001 (talk) 07:14, 13 January 2009 (UTC)
- Yup, thanks for pointing out this mistake. Also I should have been more careful and said that the process of generating numbers from census data should not be called a random number generator rather than just talking about the result. One should really talk about the process used to generate the numbers and not the numbers itself. Then it is clear that the process used for the RAND book is a rendom number generator and hence is relevant to this article, but the method used on the census data is not a random number generator and hence is not a suitable example for this article. This method might still contain some valuable information for a different article talking about how to generate uniform distributions from biased inputs. 85.3.198.181 (talk) 10:54, 13 January 2009 (UTC)
- Think what happens if the experiment is repeated. The method used for generating the numbers in the RAND book will result in an independent set of random numbers every time it is repeated. Repeating the experiment with the census data will result in exactly the same numbers each time the same input data is used. While the numbers may have some nice distribution they clearly should be called random. 81.62.11.108 (talk) 12:14, 11 January 2009 (UTC)
- I think that the article is about a particular device, not a way to generate random numbers in general. Therefore, any text about exotic theoretical ways of generating the random numbers using something that can be loosely classified as "hardware" is out of place, unless an actual device is being (or had been) used for this purpose and there is a source that links this exotic implementation to the topic of the article. Dimawik (talk) 22:18, 6 August 2023 (UTC)
Pseudo-random number generators
[edit]This whole section is not relevant to hardware random number generators. I propose in be reduced to just a couple of sentences to help the reader know the distinction between a hardware random number generator and a pseudo-random number generator. It might well lose its status as a section, and just be worked into the text of the introduction. DMJ001 (talk) 04:04, 29 January 2009 (UTC)
- Hardware RNGs can be PRNGs. Hardware and "True" are NOT the same. You can build a LFSR in hardware. That is deterministic. Even clock beating can be deterministic with quality oscillators. 72.11.53.153 (talk) 18:22, 20 January 2025 (UTC)
Broken link
[edit]The link in the external references section that says "An article on the history of generating random numbers" is broken. I tried to find the article at American Scientist, but was not successful. If anyone knows what this is supposed to point to, please fix the link. DMJ001 (talk) 04:18, 29 January 2009 (UTC)
merge
[edit]I suggest merging the section one-time pad#Achieving Shannon security, which appears to talk about hardware random number generators, into the hardware random number generator article. --68.0.124.33 (talk) 03:01, 27 March 2009 (UTC)
- I would be reluctant to do so. The topics are conceptually distinct, though HRNG are one way (perhaps the best way???) to provide the random sequences which are required of the one time pad. In this article, the one time pad is an illustration of one use of HRNG, and provides a way to discuss an aspect of alleged (probable??) differences between HRNG and RNG algorithms. The wording is a tempting red herring, i think. ww (talk) 18:46, 27 March 2009 (UTC)
I agree with the previous. Although the One-Time Pad CAN be implemented in hardware, it can also be implemented in software. It could also be implemented by hand! The one-time pad is NOT synonymous to Hardware Random Number Generator. Do not merge. —Preceding unsigned comment added by 66.29.182.58 (talk) 04:42, 2 May 2009 (UTC)
I concur. Do not merge. Two articles can talk about similar things. Sukiari (talk) 00:20, 22 October 2009 (UTC)
Dice Rollers
[edit]Would it be acceptable to put information about automatic dice rolling machines into this article? Fully referenced of course. Colincbn (talk) 12:14, 13 November 2009 (UTC)
False etimology of "Shot noise"
[edit]I have removed the following statement from the article because it is evidently incorrect:
The term [shot noise] is a clipping of the term "Schottky noise," referring to the scientist who first published regarding this phenomenon.
There is no source for the statement on clipping, the main article Shot noise doesn't mention it, and moreover the name IS inspired on behavior of real shot (pellet) ammunition. That is evident from the German term, de:Schrotrauschen, which directly translates to "shot noise" - "Schrot" means "shot" (the ammunition type.) --Arny (talk) 16:30, 5 November 2015 (UTC)
- Agree, this attempt at what looks like "amateur etymology" is ridiculous. Glad you caught it. --ChetvornoTALK 03:27, 6 November 2015 (UTC)
How did von Neumann's algorithm to fix bias work?
[edit]The article describes a "simple algorithm": "John von Neumann invented a simple algorithm to fix simple bias and reduce correlation. It considers two bits at a time (non-overlapping), taking one of three actions: when two successive bits are equal, they are discarded; a sequence of 1,0 becomes a 1; and a sequence of 0,1 becomes a zero. It thus represents a falling edge with a 1, and a rising edge with a 0. This eliminates simple bias, and is easy to implement as a computer program or in digital logic. This technique works no matter how the bits have been generated." What is being described always produces a bit stream 1 0 1 0 1 0 etc. ... which is not very random. What is missing from the description? A5 (talk) 20:54, 10 June 2019 (UTC)
- The analogy with a falling/rising edge would make sense only if the sequences were overlapping. But since they are non-overlapping, this problem does not arise. ★NealMcB★ (talk) 23:29, 14 September 2022 (UTC)
True != hardware
[edit]A _hardware_ random number generator can be either true or pseudo-random. For example, an LFSR implemented on an FPGA is both a hardware and pseudo-random number generator. If the page is about true random number generators, as it seems to be, it should be titled "True Random Number Generator." 129.31.224.110 (talk) 17:01, 12 July 2020 (UTC)
- The problem is TRNG also has multiple meanings, as it can have no hardware (see the "non-physical" discussion in the article lead). To avoid all these ambiguities, NIST had coined the term NRBG (see the lead), but it sounds awful and is hardly self-explanatory. So it looks like we are stuck between HRBG and TRNG, both being imperfect. That said, I would prefer TRNG as more popular among practitioners. Dimawik (talk) 06:41, 6 August 2023 (UTC)
- Finally, there is a name "physical" RNG, with its abbreviation creating yet another set of problems. Dimawik (talk) 04:29, 9 September 2023 (UTC)
"QRNG" listed at Redirects for discussion
[edit]A discussion is taking place to address the redirect QRNG. The discussion will occur at Wikipedia:Redirects for discussion/Log/2021 December 8#QRNG until a consensus is reached, and readers of this page are welcome to contribute to the discussion. Chumpih. (talk) 08:02, 8 December 2021 (UTC)
Quantum RNG
[edit]This article is about a particular device that is used in real-life applications. A myriad of physical processes exist that exhibit stochastic behavior; many easily observed macroscopic phenomena are not deterministic on a sufficiently long timescale (cf. chaos theory), for example, the weather is not really predictable. In my humble opinion, we should not list these processes here just because they exist, unless they are actually used for the purpose, so the sources for this article should always mention actual implementations that are used (or were being used) to actually generate random numbers for some application, and not just describe the research on randomness of some process. Same approach should be taken for the quantum phenomena. For example, it is hard to imagine Geiger counters placed into electronic systems at a time when a tiny piece of silicon, many orders of magnitude smaller and cheaper, can deliver the same results. Dimawik (talk) 22:36, 6 August 2023 (UTC)
- I have re-written most of the phenomena lists using a couple of sources with reviews. There is a review of quantum sources (Herrero-Collantes & Garcia-Escartin cited in the text), but I do not have an easy access to it, thus it the quantum section is left as-is. --Dimawik (talk) 03:15, 10 September 2023 (UTC)
- Found a pre-print version of an article, rewrote the quantum section, too. Dimawik (talk) 05:07, 11 September 2023 (UTC)
- There are literally thousands of works on the subject, so I humbly request that decisions on future additions of new TRNG techniques to the text are based on the reviews in scientific publications, not papers by the inventors themselves or mass media. --Dimawik (talk) 03:15, 10 September 2023 (UTC)
Non-physical
[edit]I have removed a couple of sections explaining how to generate entropy without using dedicated hardware. Since this article is about dedicated hardware, the sections were out of scope (and practically unsourced). Feel free to voice objections, but IMHO these snippets of text belong to a completely different article, non-physical nondeterministic random bit generator that is yet to be written. Dimawik (talk) 03:02, 10 September 2023 (UTC)
Removed Dealing with bias
[edit]The section "Dealing with bias" listed old algorithms that can improve some properties of the random stream. The problem with this (unsourced) section was in the fact that these algorithm would not simplify the reasoning about the randomness (and might actually hurt during the validation process of an actual device). The vetted "conditioning" in, say, SP800-90B is very different. I decided to simply remove this text that touches the subject of this article only tangentially anyhow; if someone wants to restore text, it should be moved to the "History" section and very carefully aligned with modern sources (we cannot bluntly state, for example, that von Neumann debiasing is simply OK, and any source stating that it is, is actually obsolete). The need for conditioning is described in the lead. Dimawik (talk) 06:44, 11 September 2023 (UTC)
Tests in RFC 4086?
[edit]Does the RFC 4086 define any actual tests to be performed? If not, mention if it IMHO it should be removed from the section "Perfprmance test". Dimawik (talk) 17:03, 24 December 2023 (UTC)
- No objections for a long time. Removed. Dimawik (talk) 23:31, 17 January 2024 (UTC)