Yesterday, the news broke that some secure Internet transactions are actually easy to crack. This type of revelation can have a devastating effect on our confidence in Internet commerce, although I doubt this one will have much impact.
The authors of the revealing study found a flaw in the random number generation that is used to encrypt much Internet data. This is not the first time that we’ve discovered that the numbers our computers generate aren’t really random. Why?
A very good random number generator is a physical one, for example, rolling a die. Unfortunately, rolling a die takes a long time, and that makes it a bit impractical for the billions of random numbers we need every day for everything from online gaming to Internet commerce.
Instead, we use so-called pseudo-random number generators. These are computer programs that generate random numbers based on complex mathematical formulas that can be “seeded” by physical events (the weather patterns, the number of letters in the New York Times each day, etc.). The problem is that we sometimes find flaws in these mathematical formulas or seeding that make these random numbers deterministic.
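To make the seeding problem concrete, here is an added example (not from the study or from the original post). It assumes a hypothetical design in which every device seeds its generator from a source with only 8 bits of entropy; the function names and the simulated fleet are constructed for illustration.

```python
import random
import secrets
from collections import Counter


def weak_key(seed, nbytes=16):
    """Key from a PRNG whose only input is `seed` (hypothetical flawed design)."""
    rng = random.Random(seed)  # Mersenne Twister: output fully determined by the seed
    return bytes(rng.getrandbits(8) for _ in range(nbytes))


def strong_key(nbytes=16):
    """Key drawn from the operating system's cryptographic generator."""
    return secrets.token_bytes(nbytes)


def simulate_fleet(n_devices, seed_bits, sim_seed=2024):
    """Constructed data: each device seeds itself from only `seed_bits` of entropy."""
    boot = random.Random(sim_seed)  # fixed so the simulation itself is reproducible
    return [weak_key(boot.getrandbits(seed_bits)) for _ in range(n_devices)]


def duplicate_keys(keys):
    """Audit check: number of devices whose key also appears on another device."""
    counts = Counter(keys)
    return sum(c for c in counts.values() if c > 1)


if __name__ == "__main__":
    # Same seed, same "random" key: the formula is deterministic.
    print("same seed, same key:", weak_key(42) == weak_key(42))

    # 1000 devices but only 2**8 = 256 possible seeds: keys must repeat.
    weak = simulate_fleet(1000, seed_bits=8)
    print("distinct weak keys:", len(set(weak)), "of", len(weak))
    print("devices sharing a key:", duplicate_keys(weak))

    # The same audit over keys from the OS generator finds no repeats.
    strong = [strong_key() for _ in range(1000)]
    print("devices sharing a strong key:", duplicate_keys(strong))
```

The same duplicate count, run over the public keys or certificates a fleet actually presents, is a cheap way to spot devices that were seeded badly.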
So, how do we find something that is truly random? The truth is, nobody knows the answer. Debates on randomness can devolve (or evolve, depending on how you look at it) into discussions about determinism, quantum theory, and the way the universe works.
Whether or not you believe we’ll ever find true randomness, our day-to-day needs only require something complex enough so that our current computing power can’t find the flaws. At least for long enough to let me buy my shoes on Zappos safely!
PS: For a cool discussion on randomness, check out random.org.
