The strongest encryption algorithm in the world is useless if the key is predictable. If an attacker knows your random number generator (RNG) seed, they can recreate your 'private' keys perfectly. In computing, 'random' is often a lie: most generators are actually deterministic.
Pseudo-Random Number Generators (PRNGs) use a mathematical formula to produce a sequence of numbers that *look* random. If you know the seed and the formula, you know the entire sequence. True Random Number Generators (TRNGs) derive randomness from physical phenomena, like thermal noise or radioactive decay.
💡 In Linux, `/dev/random` historically blocked whenever the kernel's entropy estimate ran low (it was never a raw TRNG; its output always came from a hashed pool), while `/dev/urandom` never blocks. Since kernel 5.6 both devices are served by the same CSPRNG (Cryptographically Secure PRNG), and `/dev/random` blocks only until that generator has been seeded at boot. Once seeded, `/dev/urandom` or the `getrandom()` syscall is sufficient for almost all cryptographic needs.
```python
import random
import secrets

# BAD: Mersenne Twister output; only 9000 possible values, and predictable
# once an attacker has seen enough earlier outputs of the same generator
bad_key = random.randint(1000, 9999)

# GOOD: CSPRNG backed by the OS (os.urandom / getrandom); 32 bytes = 256 bits
secure_key = secrets.token_hex(32)

print(f'Unsafe: {bad_key}')
print(f'Secure: {secure_key}')
```

The `random` module in Python uses the Mersenne Twister (MT19937), which is great for simulations but completely insecure for cryptography: its internal state can be recovered after observing 624 consecutive 32-bit outputs, after which every future value is predictable.
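To make the "state can be recovered" claim concrete, here is an added example (not part of the original page) that inverts MT19937's output tempering, rebuilds the generator from 624 observed `getrandbits(32)` values, and predicts the victim's next outputs. The victim seed `0xDEADBEEF` is a constructed stand-in that the attacker never sees; the tempering constants are the standard MT19937 ones used by CPython's `random` module.

```python
import random

# MT19937 tempering constants, as used by CPython's random module.
MASK32 = 0xFFFFFFFF


def temper(y: int) -> int:
    """Apply MT19937 output tempering (this is what random.getrandbits(32) returns)."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_xor(v: int, shift: int) -> int:
    # Inverts y = x ^ (x >> shift); each pass recovers another `shift` bits from the top.
    x = v
    for _ in range(32 // shift + 1):
        x = v ^ (x >> shift)
    return x & MASK32


def _undo_left_xor_mask(v: int, shift: int, mask: int) -> int:
    # Inverts y = x ^ ((x << shift) & mask); each pass recovers another `shift` bits from the bottom.
    x = v
    for _ in range(32 // shift + 1):
        x = v ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y: int) -> int:
    """Invert temper(): recover the raw state word from one 32-bit output."""
    y = _undo_right_xor(y, 18)
    y = _undo_left_xor_mask(y, 15, 0xEFC60000)
    y = _undo_left_xor_mask(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_mt(outputs: list) -> random.Random:
    """Rebuild a Random whose state matches the generator that emitted `outputs`.

    `outputs` must be 624 consecutive getrandbits(32) values. Index 624 makes the
    clone twist on its next call, exactly as the victim will.
    """
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def predict_next(outputs: list, n: int) -> list:
    """Predict the victim's next n getrandbits(32) values from 624 observed ones."""
    clone = clone_mt(outputs)
    return [clone.getrandbits(32) for _ in range(n)]


def demonstrate(seed: int, n: int = 5) -> bool:
    """Constructed victim: attacker sees only outputs, never `seed`. True if prediction matches."""
    victim = random.Random(seed)
    observed = [victim.getrandbits(32) for _ in range(624)]
    predicted = predict_next(observed, n)
    actual = [victim.getrandbits(32) for _ in range(n)]
    return predicted == actual


if __name__ == "__main__":
    print("prediction matches victim:", demonstrate(0xDEADBEEF))
```

Any 624 consecutive outputs work, not just the first 624 after seeding: MT19937 is a shift-register style recurrence, so a window of 624 state words is the whole state wherever it starts.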
The OS maintains an 'entropy pool': a reservoir of randomness gathered from hardware interrupts, disk and network timings, and, on desktops, mouse movements and keyboard timings. When a process requests a random number, it draws from this pool. On headless servers and freshly booted VMs (no mouse/keyboard, few interrupts) entropy starvation can occur; on older kernels a process reading `/dev/random` could hang for a long time waiting for enough estimated entropy to generate a key.
⚠️ Seeding from low-entropy sources in embedded devices is a common vulnerability. For example, if a device derives its RSA key from the system boot time, an attacker who can narrow the boot time to a window of a few hours can brute-force every candidate seed and regenerate the key.
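The boot-time attack above, as an added example that is not part of the original page. The key generation is a simplified stand-in (256 bits pulled from a PRNG seeded with the boot timestamp) rather than real RSA generation, and the attacker's observable is a SHA-256 fingerprint of the key material; both are constructed for the demo. The boot time and search window are constructed values as well.

```python
import hashlib
import random
from typing import Optional


def derive_key_material(seed: int) -> bytes:
    """Constructed stand-in for device key generation: 256 bits drawn from a PRNG
    seeded with the boot timestamp. Real firmware feeding such a seed into RSA or
    EC key generation suffers the same consequence."""
    prng = random.Random(seed)
    return prng.getrandbits(256).to_bytes(32, "big")


def public_fingerprint(key_material: bytes) -> str:
    """What the attacker can observe: a public value derived from the secret key."""
    return hashlib.sha256(key_material).hexdigest()


def brute_force_seed(fingerprint: str, approx_boot_time: int, window_seconds: int) -> Optional[int]:
    """Try every boot timestamp within +/- window_seconds of the guess and return
    the seed whose derived key reproduces the observed fingerprint, or None."""
    lo = approx_boot_time - window_seconds
    hi = approx_boot_time + window_seconds
    for candidate in range(lo, hi + 1):
        if public_fingerprint(derive_key_material(candidate)) == fingerprint:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed scenario: the device booted at a second the attacker does not know
    # exactly but can bound (e.g. from a log line or a certificate's notBefore).
    true_boot_time = 1_700_000_000 + 1234
    secret = derive_key_material(true_boot_time)
    fp = public_fingerprint(secret)

    found = brute_force_seed(fp, approx_boot_time=1_700_000_000, window_seconds=3600)
    print("recovered seed:", found)
    print("key recovered:", found is not None and derive_key_material(found) == secret)
```

A one-hour window is 7201 candidates, each a single PRNG seeding, so the search finishes in well under a second; even a window of several days is trivial. The only defence is to not seed from anything an attacker can bound.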
| Source | Randomness Quality | Typical Use Case |
|---|---|---|
| Hardware Noise (TRNG) | Highest (after conditioning and health tests) | Seed generation, Root CA keys |
| OS Entropy Pool / CSPRNG | High | Session keys, IVs, Nonces |
| Mersenne Twister (PRNG) | None for security (fully deterministic) | Gaming, Monte Carlo simulations |
| Time-based Seeds | Very Low (attacker can bound the value) | Non-security related IDs |
To prevent entropy starvation in cloud environments, architects rely on hardware RNGs (Intel's RDRAND instruction, a TPM, or the `virtio-rng` device that passes host randomness into a guest) and on user-space daemons: `rngd` from `rng-tools` feeds such hardware sources into the kernel pool, while `haveged` manufactures entropy from CPU timing jitter. Since `haveged` output is derived from timing noise rather than a dedicated hardware source, wire in a real hardware RNG where one is available.
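A practitioner usually wants to verify, on a given host, whether a hardware RNG is actually wired in and whether the kernel's CSPRNG is already seeded. The following added check (not from the original page) reads the Linux `hw_random` sysfs entries and `entropy_avail`, and uses `getrandom()` with `GRND_NONBLOCK` to ask the kernel whether a blocking read would still wait. Every value is `None` on systems where the file or syscall does not exist, so the function is safe to run anywhere; the `starvation_risk` heuristic is this example's own rule of thumb.

```python
import os
from pathlib import Path
from typing import Optional


def _read_text(path: str) -> Optional[str]:
    try:
        return Path(path).read_text().strip()
    except OSError:
        return None


def crng_is_seeded() -> Optional[bool]:
    """Ask the kernel whether getrandom() would block. GRND_NONBLOCK makes an
    unseeded CRNG fail with EAGAIN (BlockingIOError) instead of waiting.
    Returns None where os.getrandom is unavailable (non-Linux)."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def kernel_rng_status() -> dict:
    """Snapshot the Linux kernel's RNG-related knobs; None where a file is absent."""
    entropy = _read_text("/proc/sys/kernel/random/entropy_avail")
    return {
        # Hardware RNG drivers the kernel has found (e.g. "virtio_rng.0", "tpm-rng-0").
        "hwrng_available": _read_text("/sys/class/misc/hw_random/rng_available"),
        # The hardware source currently selected (what rngd reads from).
        "hwrng_current": _read_text("/sys/class/misc/hw_random/rng_current"),
        "entropy_avail": int(entropy) if entropy is not None else None,
        "crng_seeded": crng_is_seeded(),
    }


def starvation_risk(status: dict) -> bool:
    """Example heuristic: no hardware source selected and the CRNG not confirmed
    seeded is exactly the situation where virtio-rng, rngd or haveged is needed."""
    no_hw = status["hwrng_current"] in (None, "none")
    return no_hw and status["crng_seeded"] is not True


if __name__ == "__main__":
    s = kernel_rng_status()
    for k, v in s.items():
        print(f"{k:16} {v}")
    print("starvation risk:", starvation_risk(s))
```

On a healthy modern kernel `crng_seeded` is `True` within seconds of boot even with no hardware source, which is why the heuristic only flags hosts that are both hardware-less and not yet seeded.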
Virtual machine snapshots can lead to 'randomness duplication'. If a VM is cloned or restored from a snapshot, both instances resume with the same RNG state and can produce identical keys, and identical nonces, which is fatal for signature schemes such as ECDSA. Modern hypervisors expose a VM Generation ID that changes on clone or restore, and Linux (since 5.18) uses it to reseed the kernel RNG; applications that keep their own user-space PRNG state still have to reseed themselves after such an event.