Talk:Lavarand

Old discussion
This article is about lavarand, whereas the link is to the LavaRnd site. See this page for the reasons why this is inaccurate. I am removing the link. Alex Dodge 19:36, 19 September 2006 (UTC)

The article suggests that the lavarand system is "truly" random. Adding a source of entropy does not truly randomize something as there is still some level of prediction. I think this statement should be removed from the article.


 * Agreed. I have removed the word 'truly', because it is debatable at best. Nath 19:33, 2 May 2007 (UTC)

Source?
Is the source available anywhere, and did it use IndyCams? — Preceding unsigned comment added by 69.65.91.78 (talk) 01:36, 25 January 2015 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Lavarand. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Corrected formatting/usage for http://lavarand.sgi.com/

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.—cyberbot II  Talk to my owner :Online 18:46, 2 July 2016 (UTC)

True Random Number Generator? What's that?
The text currently says this:

"the full process essentially qualifies as a "true" random number generator due to the random seed that is used".

This implies that there is some well defined standard for RNGs called TRNG that can be achieved and qualified. This is untrue. There is no such clear definition of "True Random Number Generator".

The reasonable description of lavarand, along with many other RNGs, is "A periodically reseeded Cryptographically Secure Pseudo Random Number Generator". This is what ANSI X9.82, NIST SP800-90C and general practice guides RNG designers to do. There are terms for close-to-full-entropy RNGs defined by SP800-90C, such as ENRBG and NRBG; however, I suspect that the nature of those things in the NIST specs, while matching what people think of when they say "TRNG", the details do not match at all, because a DRBG (PRNG) is still included and mixed in, either with the XOR construction or the oversampling construction defined in 90C.

Maybe we need to define the CSPRPRNG (Cryptographically Secure Periodically Reseeded, Pseudo Random Number Generator)? Although NIST, being NIST, would change the name to CRPRDRBG just to be annoying. I'll put that in my book, so when it's published, Wikipedia can reference it and it'll be real.

The details of the linked Lavarand web page reveal that it hasn't been designed to any of the standards or in reference to extractor theory. The extractor algorithm is SHA-1. This doesn't meet any standard and extractor theory tells us a single input extractor needs an independent seed in order to work. The PRNG used is Blum-Blum-Shub, which is certainly problematic for cryptographic use. The Wikipedia entry on BBS is weak and doesn't go into the implementation issues, which are grave.

So while "TRNG" might be the term to describe what people think LavaRand is, TRNG is not a well defined term and if it was well defined in the manner above, Lavarand would not 'qualify' as a TRNG.

I suggest changing "using the result to seed a pseudorandom number generator.[1]" to "using the result to periodically reseed a pseudorandom number generator.[1]" and delete the sentence that follows.
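
What "periodically reseed a pseudorandom number generator" means in practice, as an added example that is not part of the comment above and is not Lavarand's code: a minimal generator following the HMAC_DRBG update and generate steps of NIST SP 800-90A with SHA-256 (swapped in here in place of Blum-Blum-Shub), pulling fresh seed material from an entropy source every few calls. The class name, the `reseed_interval` value and `constructed_source` (a deterministic stand-in for a physical source) are assumptions; personalization strings, additional input and request-size limits are omitted.

```python
import hashlib
import hmac
import os


class ReseedingHmacDrbg:
    """HMAC_DRBG (SHA-256) that mixes in fresh entropy every `reseed_interval` calls."""

    def __init__(self, entropy_source=os.urandom, reseed_interval=4):
        self._entropy = entropy_source  # callable(n) -> n bytes of seed material
        self.reseed_interval = reseed_interval  # assumed value, chosen small for the demo
        self.reseeds = 0  # number of times fresh entropy was folded in after instantiation
        self._key, self._v = b"\x00" * 32, b"\x01" * 32
        # Instantiate: entropy input plus nonce, both drawn from the source.
        self._update(self._entropy(32) + self._entropy(16))
        self._counter = 1

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        self._key = self._hmac(self._key, self._v + b"\x00" + data)
        self._v = self._hmac(self._key, self._v)
        if data:  # second round only when seed material is supplied
            self._key = self._hmac(self._key, self._v + b"\x01" + data)
            self._v = self._hmac(self._key, self._v)

    def reseed(self):
        self._update(self._entropy(32))
        self._counter = 1
        self.reseeds += 1

    def generate(self, n):
        if self._counter > self.reseed_interval:
            self.reseed()  # the periodic part: state is refreshed before output continues
        out = b""
        while len(out) < n:
            self._v = self._hmac(self._key, self._v)
            out += self._v
        self._update()  # advance the state so earlier output cannot be recomputed from it
        self._counter += 1
        return out[:n]


def constructed_source(seed):
    """Constructed, deterministic stand-in for a physical source (demo and tests only)."""
    calls = iter(range(1, 1 << 32))
    return lambda n: hashlib.sha256(seed + next(calls).to_bytes(4, "big")).digest()[:n]
```

Between reseeds the output is a deterministic function of the internal state; only the reseed calls bring in new unpredictability, which is the distinction the comment above draws.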