How Random is Random Enough For Cryptography?
Random numbers in cryptography are key (pun intended). They can be a weak point in a crypto system and, consequently, are frequently the target of attack. So I've been trying to get my head around the subject of randomness.
I was always taught that thermal noise from a diode junction was random, but now -- it seems -- not random enough. Cryptographers inhabit a twilight world where they are always trying to think up possible attack methods by the bad guys and then figuring out ways to defeat them. And it's a good thing that they do, as most people (me included) rely on secure communications for transactions like on-line banking and shopping. But I digress...
Many of the top gurus of cryptography work at the National Institute of Standards and Technology (NIST). This organization published specifications of how to make an apparently random stream of bits suitable for use in encryption. The solution in its specification SP800-90A is to take the bit stream and encrypt it in a machine called a Deterministic Random Bit Generator (DRBG) to create a Random Number Generator (RNG). That makes sense to me.