Whether you are protecting the encryption behind your balance treasure account or playing "Battlefield 4", your computer is producing random numbers. There are two kinds of random numbers, "true" random numbers and pseudo random numbers, and the difference between them bears directly on the security of an encryption system.
As the debate over random numbers heats up, many people suspect that the hardware random number generators Intel builds into its chips cannot be trusted. To understand why such a random number might be unreliable, you first need to understand how random numbers are generated.
The role of random numbers
Random numbers have been in use for thousands of years. Whether it is a coin toss or a roll of the dice, the goal is to let chance determine the outcome. The same is true of random number generators in computers: they produce results that are unpredictable.
Encryption requires numbers that an attacker cannot guess and that are never reused. So a mechanism is needed to generate numbers that an attacker cannot predict. These random numbers are critical to cryptography: they are required whether you are encrypting a file or visiting a site over HTTPS.
True random number
If a computer generates random numbers with code, does that mean its random numbers can be predicted?
Based on how they are generated, computer random numbers are divided into two kinds: "true" random numbers and pseudo random numbers.
To generate a "true" random number, the computer measures a physical phenomenon that takes place outside the computer. For example, a computer can measure the radioactive decay of an atom. According to quantum theory, atomic decay is random and unpredictable, so this is "pure" randomness in the universe. An attacker can never predict when the decay will happen, and so cannot guess the random value.
For a more practical example, a computer can generate random data, or entropy, from noise in its environment or from the exact times at which you press keys. Suppose your computer records that, one afternoon shortly after 2 o'clock, you pressed a key at exactly 0.23423523 seconds; with enough of these long numbers it has an entropy source from which it can produce a "true" random number. Because people are not machines, an attacker cannot know when you will press keys. The /dev/random device on Linux generates random numbers this way, and "blocks" reads until enough entropy has accumulated to return a true random number.
Pseudo random number
The concept of a pseudo random number is defined relative to the "true" random number. The computer feeds a seed value into an algorithm that produces a number which looks random but is in fact predictable, because the computer has collected no random information from its environment.
Although pseudo random numbers are predictable, not every use needs true random numbers. If you are playing a video game, it makes no difference whether the game uses pseudo random or true random numbers. On the other hand, if your application is doing encryption, the situation is different, because you do not want an attacker to be able to guess your random number.
For example, suppose an attacker has learned the seed value and the algorithm that a random number generator uses. If the generator relies entirely on that seed and algorithm, with no additional randomness added to the process, then an attacker with enough intelligence can work backwards to determine the pseudo random numbers the encryption will use, and can decipher the ciphertext.
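The following is an added example, not code from the original article, that makes the seed argument concrete with Python's standard library. `random.Random` is a Mersenne Twister PRNG: the same seed always yields the same stream, so anyone who knows the seed can regenerate every value, and when the seed comes from a small space (the constructed `range` below stands in for a low-entropy source such as a coarse timestamp) it can simply be searched for. `secrets`, by contrast, draws from the operating system's entropy pool, so nothing about one call lets you reproduce the next.

```python
import random
import secrets
from typing import List, Optional


def predict_stream(seed: int, count: int) -> List[int]:
    """Reproduce a PRNG stream from its seed.

    random.Random is a Mersenne Twister: same seed, same stream.  Knowing
    the seed is the same as knowing every value the generator will emit.
    """
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(count)]


def recover_seed(observed: List[int], seed_space: range) -> Optional[int]:
    """Find which seed in a small candidate space produced the observed values.

    This models the "no additional randomness was added" case: if the only
    unknown is a seed drawn from a few thousand possibilities (a constructed
    stand-in for a low-entropy source), a direct search settles it.
    """
    for candidate in seed_space:
        if predict_stream(candidate, len(observed)) == observed:
            return candidate
    return None


def secure_values(count: int) -> List[int]:
    """Values from the OS cryptographic RNG (os.urandom under the hood).

    There is no seed to learn or search for, so observing these values
    gives no foothold for predicting the next ones.
    """
    return [secrets.randbits(32) for _ in range(count)]


if __name__ == "__main__":
    # Constructed demo: a PRNG seeded from a tiny space is fully recoverable.
    leaked = predict_stream(4321, 4)
    print("recovered seed:", recover_seed(leaked, range(0, 10_000)))
    # The same search against CSPRNG output finds nothing.
    print("seed for CSPRNG output:", recover_seed(secure_values(4), range(0, 10_000)))
```

The first search succeeds because every value in the stream is a pure function of the seed; the second fails because there is no seed, only entropy gathered from the environment, which is exactly the distinction the article is drawing.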
NSA and Intel's hardware random number generators
To help developers generate random numbers more easily, and to help them generate secure ones, Intel's chipset includes a hardware random number generator called RDRAND, which draws on an entropy source in the processor to provide random numbers to software.
The problem is that this random number generator is a black box: we cannot see how it works. If RDRAND contains an NSA backdoor, the government could decipher keys generated from data supplied solely by this random number generator.
The problem is serious. In December 2013, FreeBSD developers dropped support for using RDRAND directly as a random number source, citing their inability to trust Intel. Instead, RDRAND output only adds extra entropy to the other random number algorithm, so that even if there is a backdoor it has no effect on the final random numbers. Linux does the same, mixing RDRAND output into its own random numbers so that any backdoor cannot work. When asked on Reddit whether a backdoor had been installed, Intel CEO Brian Krzanich did not give a direct answer.
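Here is an added example, written for this page and not taken from the FreeBSD or Linux kernel sources, that models why "mix it in, never use it alone" defuses a backdoored hardware generator. The software pool is stood in for by a byte string hashed with SHA-256, the hardware generator by two constructed functions (an honest one backed by `os.urandom`, and a worst-case one whose output the adversary already knows, represented as all-zero bytes), and the combination step by XOR. The property being shown is that the mixed output is unpredictable if either input is, while direct use of the hardware output is only as good as that one source.

```python
import hashlib
import os

OUT_LEN = 32  # bytes produced per extraction


def backdoored_hw_rng(n: int) -> bytes:
    """Constructed worst case: a source whose output the adversary knows.

    All-zero bytes stand in for "whatever the backdoor lets its owner predict";
    the demo only needs the output to be known, not what it is.
    """
    return bytes(n)


def honest_hw_rng(n: int) -> bytes:
    """Constructed stand-in for a trustworthy hardware source."""
    return os.urandom(n)


def direct_use(hw_output: bytes) -> bytes:
    """The pattern FreeBSD dropped: hand hardware output straight to callers."""
    return hw_output


def mix_sources(pool_output: bytes, hw_output: bytes) -> bytes:
    """XOR the hardware output into the software pool's output.

    XOR with a value the adversary knows is a reversible, known transform,
    so it cannot weaken pool_output; XOR with an unpredictable value hides
    pool_output completely.  Either way the result is no worse than the
    stronger of the two inputs.
    """
    if len(pool_output) != len(hw_output):
        raise ValueError("mix inputs must be the same length")
    return bytes(p ^ h for p, h in zip(pool_output, hw_output))


def extract(pool: bytes, hw_output: bytes) -> bytes:
    """Derive OUT_LEN bytes: hash the software pool, then mix in hardware output."""
    pool_output = hashlib.sha256(pool).digest()
    return mix_sources(pool_output, hw_output)


def adversary_knows_output(pool_known: bool, hw_known: bool) -> bool:
    """Which combinations of knowledge let the adversary predict extract()?

    Only knowing BOTH inputs suffices.  With direct_use(), knowing the
    hardware output alone would be enough.
    """
    return pool_known and hw_known


if __name__ == "__main__":
    pool = b"constructed pool: keystroke timings, disk noise, ..."
    print("direct, backdoored:", direct_use(backdoored_hw_rng(OUT_LEN)).hex())
    print("mixed,  backdoored:", extract(pool, backdoored_hw_rng(OUT_LEN)).hex())
    print("mixed,  honest    :", extract(pool, honest_hw_rng(OUT_LEN)).hex())
```

With the backdoored source, the mixed output reduces to the hash of the pool, which the adversary still does not have; with an honest source and a pool the adversary somehow knows, the hardware bytes still randomize the result. Direct use is the only arrangement in which a single compromised source decides everything.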
Of course, this is not only an Intel problem; FreeBSD's developers have also named Via's chips. This controversy shows why unpredictable true random numbers matter so much.
In short, a generator that produces "true" random numbers only needs to collect entropy, that is, seemingly random data from the real world. For applications that do not need true randomness, a generator may compute its random numbers from an algorithm and a seed value.