I had in mind an idea for something like random.org that wouldn't have random.org's rate limiting problems. The idea was to get random bits from random.org as often as they would allow, but then to feed these into a Mersenne Twister algorithm (which is just the best pseudo-random number generator I could find), and generate random numbers from that, and also feed in the request times as another source of randomness.. so when people asked for random numbers, they would be pretty darn random numbers.

Anyway, I humanscripted the creation of the core bit of this — a thing that would get bits from random.org at their rate limit and feed that into a Mersenne Twister, but now I'm having seconds thoughts about the usefulness of the whole thing. First, I was going to host the thing as a free heroku app, but that would be slow for people at first (since it would idle a lot), reducing adoption, and even if it was fast, I'm not sure people would trust it to be random for the things I had intended it for, like generating passwords. My thought for getting around this was to have the client actually take bits from my heroku app to seed their own Mersenne Twister with some local randomness, like the current time, but if they're going to do that anyway, I'm not sure they'd be motivated to use my heroku app.

I'm now thinking a better approach may be to create a static random.js file that people can include which overrides Math.random with a Mersenne Twister that is seeded from the current time, as well as any mouse movements that happen on the page..

..hm.. why don't computer come with hardware random number generators?

No comments:

Post a Comment