I will explain this magical journey into the understanding for myself of this concept of a random number generator.
When I say random number generator that would split the world into a couple of categories or buckets. People who are snobs about their understanding of a random number generator, and people who are scratching their heads.
I'm by no means a snob. I'm still scratching my head, but I wanna do my best right now to articulate the significance and the utility of random number generation and how it fits into the modern world.
So how do I tell the story of random number generation?
The first thing that came to mind as a visual from childhood watching where they had these ducts of air blowing balls with numbers on them up into or and through these plastic, transparent tubes, and then they would grab the balls, and whatever number was on the ball that was one of several numbers that would ultimately equate to this series of numbers that would be the winning lottery numbers.
I don't know if I've ever played a lottery, I don't know how it's changed over the years. But I imagine that was a very theatrical and kinetic means of generating a sequence of random numbers, of blowing air almost like popcorn.
That amount of randomness would be sufficient to give you the confidence that the lottery wasn't rigged.
What's the earliest memory of random number generation that you can think of?
I don't know what lotto that was, but that was what I remember of it.
I suppose another way to think of it is the cliche of rolling the dice. If the dice have not been tampered with then they ought to generate random numbers.
There's a tradition of people who will actually use legitimately dice, shake and roll dice in order to kind of do a ritual to guarantee themselves that there is nothing but randomness in the sequence of numbers that they choose to apply to some application within computer science that relies upon a perfect vacuum of algorithmicality, if that's a word, I'm gonna make it up. Algorithmicality is my new word of the day, my random word of the day.
So the rolling of dice is probably an easier to digest kind of metaphor in the limited terms that I have to describe the utility of randomness in computer science.
How far into academia do you have to go with this for it to make any real world sense whatsoever?
Obviously, we don't want randomness when it comes to the sidewalk signals and the traffic signals.
We don't want randomness in our paychecks. What is the utility of randomness other than just to blow leaves around in the wind and for butterfly wings to create storms across the globe?
My understanding of the utility of randomness in computer science, if it had to have a bumper sticker like visualize world peace.
What would be the bumper sticker for the unique value proposition for randomness in computer science. It would be if I had to say it, unguessability.
But you cannot, by any means, cut corners and cheat to estimate or approximate a value by any form of guessing or estimation, or by following the bread crumb trail of an algorithm to arrive at an array of potential values.
These words, they don't come naturally to me.
This is not second nature for me to structure the English language in this manner.
It's me struggling to digest and understand the astronomical realms of math and computer science that I have exposed myself to over the last few years.
My financial freedom is 100% due to nothing other than the mathematical genius of people who are savants of computer science, mathematical algorithms.
So I owe it to them to have an understanding. So I will continue to elaborate and simplify and reduce where possible.
But for me, it's been a journey to learn, to appreciate what I would have made fun of in grade school.
A very big and powerful billionaire CEO, or former CEO founder, said something to the effect of, be nice to the geeks, because one day you'll be working for them.
I've been lucky and blessed enough. I've worked for geeks. Believe me. I had dreams about him last night. I have recurring dreams and nightmares about the geeks that I've worked for who could fillet me and turn me inside out with how intelligent they were with the metrics and the tools that they would apply to my performance on the job.
I've had them appreciate me. I've had them eviscerate me. So I live that truism of be nice to to the geeks because you'll be working them.
My opportunities in life have been limited by how much not of a geek I am.
I was never enough of a jock or enough of a geek to make it very far in this life.
It's only been at this point, thanks to the geeks that I have the freedom I have to philosophize in this way.
Anyway, what is the point of unguessability?
Well, in a world that is propped up by a cryptographic house of cards, where unguessability is the currency of the secrecy of nation states, corporations and even Joe Six Pack’s retail investment crypto currency bags, unguessability is our God.
And to put that in context, what is the most viable application of the monstrous bot net that is artificial intelligence? It would be to make the unguessable guessable, and that is one of my biggest fears.
The idea of what is a strong password? It is a password that no genius human being on Earth and no army of colluding supercomputers could guess in a billion years.
That's the the aim of unguessability.
The problem is, if you aim that far out, and the mechanism in order to fire a shot of unguessable trajectory out that far into the middle of nowhere, there better not be a way, a bread crumb trail, to reverse engineer the algorithm that set that secret on that trajectory.
So what happens is random number generators that are weak and that are ineffective, they get compromised because of possibly a simple coding error, or that they weren't random enough.
There's even the idea of pseudo randomness, the idea that you cannot program a computer to be random because the harder you try to make a computer be random, the more obvious it is the method that you went about doing that.
So there is a school of cyber security that says, don't call it randomness.
You can only ethically call it pseudo randomness, because whatever you hard code is gonna determine the output, even if it's a seemingly infinite array.
That's what they call security by obscurity.
It's obscure, it's slightly hidden, or maybe well hidden, but it's not impossible to follow that bread crumb trail.
So how then do you generate randomness?
Well, this is where it gets interesting.
I cannot say that I know what attributes of a random number generator are considered to be high versus low quality or high versus low assurance or confidence in the the unguessability of the randomness.
I don't know how that's measured. I just know that, from my experience, using the file and drive encryption tool known as Veracrypt, formerly Truecrypt.
If it's encrypted in this way, if you don't have the key, you can't decrypt it.
It sounds very obvious. It sounds very remedial. But no, you gotta ask yourself, how many things in this world are that secure? How many things cannot be ripped apart, torn upside down and backwards? And for the secret to be shaken upside down until the coins fall out of your pockets, there is no brute force means in the known universe to crack encryption that has been projected out to these astronomical mathematical problems.
Without the key you cannot open this.
That key is a string of unintelligible alpha numeric jazz that is a digest of an even larger set of numbers that boil down to binary ones and zeros that are so long and so incomprehensible to all computers and all life in the known universe that you cannot crack it.
In Veracrypt, you are prompted to increase the strength of the security of that randomness, you are forced by the application to randomly move the mouse cursor as vigorously as possible.
If you don't move it as fast and vigorously as humanly possible, it'll just halt, it'll grind to a halt, and you will not get your encrypted drive.
So I kind of wonder what it would look like to see the look on the faces of people who ever had to do this in a frenzy, because their life depended on the nanoseconds that they had to encrypt the drive before agents kicked in the door and pointed assault rifles at their head.
That they were sitting there and they were vigorously jerking the mouse to get to that finish line of randomness, that veracrypt requires in order to let you pass to the next phase, which is to encrypt your data.
But you can't cheat it, you can't sit there and get pouty and just wait and let the mouse be still.
It will stare you down into the abyss, and you will get nothing and go nowhere.
You have to sit there and vigorously create randomness by jerking the mouse in random directions.
It even says I don't remember exactly the quote but it says something like the more chaotic you move the mouse the stronger your security is gonna be.
I’m gonna take their word for it, I don't know what they're doing in the code behind the scenes.
That's above my pay grade. But I did want to, in my quaint cargo cult manner, I wanted to create a fun graphical user experience that approximates that experience of generating randomness by shaking a mouse around to create a random number.
So where the rubber meets the road on this one for me was that I said, okay, I know a couple of things about front end, client side javascript.
I know a couple things about style sheets and about HTML, so I'm gonna try to make a gag for myself, a quaint gag for myself about generating a random number generator.
That that is an homage to the veracrypt randomness. exercise that you're forced to endure it, and that you are glad to endure because of the value of that service.
So there is a function that can be very simply written out in the code of a website that says wherever the mouse cursor is within the range of a browser window, every time the mouse or the cursor moves at all, even one pixel, you can capture those coordinates, the X-Y coordinates it's almost like gps for the browser window so if you capture those coordinates every time the mouse moves at all you get these numbers that represent the number of pixels out from the left side of the screen and the number of pixels down from the top.
So at any given time if you are running this function you are gonna be able to store the values in real time from pixel to pixel movement.
What is the number of pixels from the left of the screen as the X, and the number of pixels down from the top of the screen, which is Y
I'll do a little pop quiz. What comes to your mind if you say zero, comma zero, with the first value representing the X axis and the second value representing the y axis, zero zero is the top left corner.
If you had a window that was 1000 pixels wide and 1000 pixels tall, then 1000 1000 would be the bottom right corner.
So as you move the mouse around the X and Y coordinates are gonna create a great deal of randomness from one to the next because the probability that you are going to make perfect geometrically correct straight lines from one end to the other and there's not gonna be any wonkiness...
Even if you try to make a box or you try to make a triangle, is gonna be so difficult, you're not gonna get it perfect, even if you try.
So that's why I believe they say, the more vigorous you engage in this in this activity, the more randomness you're gonna generate, the harder it would be in a billion years with all the computers and geniuses in the world working together to crack your randomness value.
The more like jazz it is, the harder it is to square it away and and reverse engineer it and follow a breadcrumb trail.
So. To me, that made a lot of sense. When I understood the risk of relying solely on a computer to generate randomness. Well, at some level, no matter how hard you try, there's gonna be some line of code that determines what the potential outcomes of that randomness could ever be.
When it's computers against computers, more computers will crush less computers to find out what all of the possible permutations of the computer generated randomness could ever be, there's only so many relative to a vastly more entropic potential of human generated randomness.
Or for that matter, randomness that is derived from nature, or from processes that are considered chaotic.
So you could move the mouse, or there could be some sensor that derives randomness, theoretically, from the currents of drafts in a room.
But you couldn't do it with a fan that moved from left to right in a programmatically designed manner, because you could derive patterns from that at some level.
You couldn't derive randomness from a room with closed windows where the draft was being generated by a fan, because that fan, the speed of the motor and the range of the fan twisting on an axis, are guessable enough to crack your encryption and to make it a bad day for you, so you would have to open the windows, and you would have to make sure that there's no time stamp on that randomness.
Because it was knowable, what the prevailing winds of that day of that time of year were that could be deduced by these geniuses and their armies of monstrous bot nets to break your life and death encryption.
So, hey, if Vera crypt tells me to sit there and move a mouse around for however long it takes for them to say that was enough, I'm gonna take their word for it, and I'm gonna accept that.
Going back to the tool that I made, which I will now describe in briefer terms, after this very indulgent excursion into absurdity, I admit.
But we are all the slaves of the geniuses at some level.
And my mantra is no longer that wealth in markets goes from week hands to strong hands.
It's that wealth in markets goes from dumb people to smart people.
I'm not the dumbest dumb person. And I'm certainly not the smartest smart person.
I don't know where I'm at in the grand scheme of things, but I will admit a lot of stuff goes over my head. A lot of stuff does not compute without great effort and the assistance of computational tools.
So I'm humbled, and I think we are living in a paradigm of Neo from the Matrix meets Revenge of the Nerds, and we are all on that continuum somewhere.
I pay respects, I'm trying my best now in this moment to pay my respects.
This Tool that I created it gives you the experience of creating randomness by moving a mouse and what you see is that there is a crude die as in dice that, that appears be rolled when you move the the mouse.
Every movement you make with the mouse adds random numbers to the page, and you see the random number grow into a giant block of random numbers. It doesn't just go on forever.
Within 5 seconds, however much movement you've done with the mouse is gonna be reflected in how big that block of random numbers is.
So if you were very, minimalistic in your mouse movements, you will generate a random number that is relatively short.
If you are vigorous in your movement of the mouse, you're gonna generate a random number that's relatively long.
You have a prompt at the top says, shake the dice to generate randomness.
You have 5 seconds to do it. When the timer runs out, the number that you see is the number that you get, and then you have a prompt to select your number.
I created a little flashlight, you get to click and drag the mouse along whatever section of that random number that you wanna use, if you care to use it for something which this could be a total novelty for you or you could be in one of the nightmares that I have very often, which is that it is like the matrix, and you are like Neo and in order to avoid the agents, you need randomness stat for some task that's gonna save your life.
I won't even go into what I've learned about the vulnerability of people whose lives depend on randomness. I’ll save that for another time. But there are people on Earth to whom this is not a novelty, and to whom random number generation is a life and death matter, not just rich or poor, but life and death.
I do take it seriously.
How can it be guaranteed that it is at least difficult, if not impossible, by any known technologies, to reverse engineer and to find some pattern within those numbers?
You are the factor that is unguessable. Your unguessable mouse movements are what makes this almost impossible to reverse engineer.
Certainly the if I use a weak pseudo random number generation script, to me it seems totally random there's no way I can guess what's going on behind the scenes. I'm fooled. I'm fooled by the magic trick. But a very sophisticated human hacker, or in in concert with the algorithms that they and their and their associates are able to create, they look all the way down to the lowest level of that code that generates the randomness.
And they say, aha. It says, move ten steps forward, and then nine steps back, and then ten steps forward, and then eight steps back, and then five steps forward, and then repeat, or something like that.
So to the human eye, at a certain point, it's absurdity, you give up.
But a machine can go, okay, well, I can calculate that in every possible permutation over time.
And even given some potential noise and bit flipping, whatever you wanna call it, it can be simplified, reverse engineered oh, there goes a million dollars worth of what I thought was secured by a random number generator that was faulty.
So I don't have great confidence that it's impossible to reverse engineer the randomness that is created by using this tool.
But I will say, the randomness is not a promise that is hard coded into the actual code that I wrote. The randomness is it emergent property of what the end user does by moving that mouse.
What is knowable? What is baked into the code.
What's hard coded is what happens to the the value of that mouse moving around that cursor, moving around.
You you right click and view the source, what is viewable, or what is visible and transparent about what's in the source is that, every time you move the mouse, the number, that is the value that's generated every time you move the mouse in any direction, the X coordinate value multiplied by the Y coordinate value. And that number is added every time that number is generated, it's added to the previous number.
So that you have this, this running sort of tab, this running score of X times Y, of coordinates from the left and from the top of the screen.
You would have to perfectly replay every movement of that mouse in order to ever again for eternity, get a number as absurdly long and random.