Randomness

7 November 2019

Most programming languages include a random number generator (RNG) in their standard libraries or environments such as Math.random() in Javascript or rand() in Ruby. But these functions are not true randomness but merely an approximation.

Huh? So what is true randomness? Wikipedia states the following:

Randomness is the lack of pattern or predictability in events. A random sequence of events, symbols or steps has no order and does not follow an intelligible pattern or combination.

Doesn’t sound much like software does it? That’s because software is deterministic. We call a function in the same environment, with the same input variables and same state, and we know that we will always get the same value.

Randomness with Software

RNGs in software are pseudorandom which basically means they appear to be random. They usually work by taking a seed value as an input and provide an output based on that seed. That seed is usually handled for you and generated on a changing value (or collection of values) based on the machine’s state such as current time, process specs and memory usage. None of which are of course random.

In fact some random generators ask you to add some computer usage as ‘randomness’ is generated! I am using the Unix password manager, Pass on this Linux machine and as it generated a gpg key, it gave me a prompt with the following:

While the key is being generated, it is a good idea to move your mouse around a little bit to give it a bit more random number entropy for the creation of the key pair.

Entropy is the measurement of unpredictability. So what this prompt is saying is just a little more randomness into the mix and move your mouse …um okay!

Randomness with Hardware

So if software does not allow us the ability to create random numbers. Could hardware? Engineers have gotten really creative:

random.org uses atmospheric noise and expose the numbers generated to the public.
Cloudflare have a wall of a 100 lava lamps that are on ²⁴⁄₇ and are video recorded. The pixels generated create a good level of ‘randomness’ with not only the state of the lava creating a good level of entropy, but also the atmospheric lighting, air and noise.
Similarly, SushiRNG is an open source RNG that records fish movement in a tank.

Now are these methods creating true randomness? I’ll leave that question to the philosophers, but it is certain that these approaches are an improvement over the psuedo random number generators of software.