Random vs Pseudorandom
Your security relies on randomness! Yes, when you're scrolling TikTok or surfing the web, your security depends completely on randomization, and computers are set in their ways! These machines can't actually make a fully random number. In your computer, there are bits that switch on and off. When we create a key to unlock and lock data, it's generated based on a number of bits.
With just one bit, you can only create two keys. Today, making keys to encrypt and decrypt depend solely on how the key was generated using random data. Single bit isn't enough as someone could easily guess if it's on or off.
So we add more bits, which results in more possible keys. But, our computers don't know which bits to switch when generating a key pair. You have to gather data from unpredictable sources, which are a bit scarce in a computer.
You could use the time of day, its network, the computer’s details, IDs, and serial numbers. This data can be used to generate a bunch of nearly random bits that can then be used to make a key pair for locking and unlocking your data or encrypting and decrypting it. But here’s the problem: much of this data is predictable.
Intruders can figure out how a key was made based on your system, for instance, and reproduce your key, allowing them to access data. So, we truly need a method that's burglar-proof, something impossible to reproduce. That's where randomness comes in.
A good way to create truly random data is Cloudflare’s unique wall of lava lamps. They shine a camera on it, and that camera snaps photos to gather plenty of random bits. That randomness can then be used to create secret key pairs to lock and unlock data.
Even with a randomness generator using a wall of lava lamps at Cloudflare, it's possible to be hacked. To reduce this risk, you need many different sources of random data. Even then, you need to keep an eye out for possible threats.
Potential attacks can come from someone attempting to reproduce the picture Cloudflare is capturing, turning off the power to the wall of lamps, obscuring the camera with bright light or the lens cap, or physically altering the camera. Ultimately securing a source of randomness, like a wall of lava lamps, is only half the battle. You need multiple sources of random data.
Your computer, your phone, or a server can never be truly random and so we call them pseudo random. they can gather data that looks random but is actually reproducible. This pseudo randomness is used to create key pairs. The more random it is, the more secure you are because that means that your key can't be copied.
Therefore, you can obtain randomness with multiple solutions. Observing the real world, as Cloudflare did with their lava lamps, can provide true randomness but pseudo randomness comes from your computer. Pseudo randomness is not sufficient for security with today's computational power.
We need physical measurements of true randomness for real security.
