nullprogram.com/blog/2009/08/11/
A year ago while I was reading Applied
Cryptography I got an idea for using IRC as a random number
generator. The book mentioned using a rolling car wheel to generate
random numbers, by measuring its period. So why not IRC? Grab the
code,
git clone git://github.com/skeeto/ircrng.git
It's based entirely on event timing: it logs in and sits on several
channels, then measures the time between events. When a new event
occurs it compares the time passed between this event and the last
event, and the time between the two events before it. If it's greater,
emit a 1, if less emit a 0. Simple.
For skew removal I used transition mappings
(rfc1750), invented by von Neumann. It looks at pairs of bits. If they
differ, pass the first bit, otherwise toss both bits. So if it comes
across "11" or "00", it tosses them. If it comes across "10" it emits
"1", and "01" it emits 0.
Here's an analysis by
ent
of 476 output bytes I generated overnight: irc.random.bytes.
Entropy = 7.515132 bits per byte.
Optimum compression would reduce the size
of this 476 byte file by 6 percent.
Chi square distribution for 476 samples is 274.79, and randomly
would exceed this value 25.00 percent of the times.
Arithmetic mean value of data bytes is 127.7248 (127.5 = random).
Monte Carlo value for Pi is 2.886075949 (error 8.13 percent).
Serial correlation coefficient is -0.062745 (totally uncorrelated = 0.0).
Eh, not awful, but not too great. It got a good score on the
Chi-square test, which I attribute to the skew filter. This generator
is also extremely slow, generating only a few bytes per hour. At
best, each event only generates a half of a bit, after skew
correction. It would probably be more profitable to take the hash of
the actual event with a timestamp and use that as the RNG.
Also, someone else running this generator on the same channels would
generate very similar numbers. Worse, someone eavesdropping on your
network connection knows mostly what numbers you generated. Worse yet,
someone actively modifying your connection could control your
generator and force whatever output is desired.
So overall, I would say it's not very useful.