Randomness
The following is now available on CodingClues.eu.
I know I should be hard at work, but… it took only 10 minutes! 
And sometimes I should really scratch that programming itch when it comes along…
Yesterday I did some reading and talking on the Debian OpenSSL desaster. guruz brought in an interesting website on random number visualization.
I don’t know about you, but I couldn’t help but think that PRNGs can’t be that bad. Or at least they wouldn’t be this bad in Linux, where timing and attributes of mouse and keyboard activity, disk I/O operations and specific interrupts are used as entropy sources.
So, I wrote my own little test script:
#!/usr/bin/python
from PIL import Image, ImageColor, ImageDraw
import randomim = Image.new(”RGB”, (512, 512))
draw = ImageDraw.Draw(im)for y in range(0,512):
for x in range(0,512):
if random.choice([True, False]):
draw.point((x, y), fill=(255,255,255))im.save(”test.png”)
The following three pictures were made using this script:
Looks pretty random to me after all. Not at all as bad as the example pic shown in the mentioned article.
There are some things to note though:
- Both the original author and I could have made errors in coding
- Where in Windows, applications specifically need to use the crypto API for “good” random numbers, Python will use randomness sources of the operating system instead of the system time “[i]f randomness sources are provided by the operating system“.
- About the same: “On a UNIX-like system this will query /dev/urandom, and on Windows it will use CryptGenRandom“. I’m not sure PHP does the same thing.
So, maybe don’t take this as the last word on the matter. 
However, it’s interesting to note that Linux will in most cases automatically use cryptographically secure randomness, although the downside is that this might use up the entropy pool which won’t be available for “real” cryptographic software afterwards.
October 28th, 2008 at 11:00
[...] has been originally published on tomcat.ranta.info on May 21, [...]