Thank you Richard!
Much appreciated here.
A group of French cryptographers reckons public lotteries are the perfect seed for elliptic curve cryptography. The group from company CryptoExperts and boffins from the Laboratoire de Mathematiques de Versailles in the University of Paris-Saclay playfully calls the scheme the “Million Dollar Curve” (modest in a world where …
The problem with the NSA's DUAL EC DRBG isn't that it is a bad random number generator. It is that the bad guys know what the random numbers are.
Here's a random number 3458127. Why not just use that as the seed for all pseudo-random number generator algorithms everywhere? It's public and random, so should be secure...
I have a secret, passworded, encrypted spreadsheet containing all the numbers drawn on the UK lottery since it began. This helps me identify which numbers have been picked the least. They're most likely to come up next.
I'm going to be a millionaire once nurse lets me out.
The type of lottery like the one the picture* illustrating the article shows a ticket of are hard to manipulate. Because the winning number is generated live on the spot.
Stuff like the scratch cards (and any other lottery using predetermined winning numbers) leave far more room for manipulation, especially in the preventing of payouts.
Historic trivia time: New York gangster Dutch Schulz used to run a numbers game, aka an illegal lottery. Winning numbers and the amount of the winnings (this is the clever bit) were based on the results and quotas of horse races on a regular racetrack. This was in the 1920ies/1930ies - decades before pocket calculators or laptops or smartphones. So (the possibility of the race itself being fixed) the punters in the illegal lottery believed numbers were not manipulated by the mobsters running it - anyone could get the results and winning quotas from the horse races and check them. However, Schulz employed a guy who was some sort of savant and could do numbers in is head like a computer. He used that guys calculations to change the quotas on the racetrack by placing bets himself, thereby lowering the payouts from his own numbers racket.
*Why a German lottery ticket?
Two weeks ago I watched (on Youtube) an episode of the American TV series "The Untouchables" that depicted these illegal lotteries. The episode is from 1959, but I found it surprisingly nice to watch. And the guest star was a youngish Peter Falk, showing most of the mannerisms he later displayed in "Columbo".
If you want random sources, I'm sure there is some data you can get somewhere about solar activity levels that would be exceedingly random and impossible for anyone to influence. Well they can't influence the sun, but I guess you'd need to get this data from multiple sources, like say observatories in the US, Russia and China. That would be required to overcome the possibility of someone hacking the site you were getting your numbers from to replace the 'true' solar activity level numbers. If you have your own solar observatory like some universities do, this is less of a concern.
The problem with any 'public' sources like that is that someone can figure out what your "random" number was. If you use that alone (without mixing it with any 'hidden' sources others won't have access to) then it is very bad if you are e.g. using that as the 'random' input to generate encryption keys.
Usually when an algorithm needs some arbitrary/random parameters the cryptographers prescribe the first n primes or digits from pi or something like that. I don't see why lottery numbers would be an improvement over that. Yes, lottery results are hard to manipulate, but they're still easier to manipulate than the value of pi.
Biting the hand that feeds IT © 1998–2019