While they may be as secure, I would not call that the same level of random. I’ll agree they are equal in almost every use case, but truly random is still “more random” in comparison.
Though I’ll concede that if it can’t be proven to be truly random, it’s not of much use.
How do you measure the amount of “true randomness”? CSPRNGs can use very little entropy to generate large amounts of random data. Mathematically speaking there isn’t any difference between that and what you call “true randomness” - if there was, they wouldn’t be CSPRNGs.
Truly random would be something that is impossible to reproduce. While you are correct that we can approximate randomness, the final calculation can always be replicated if the initial inputs are known. Just because something is exceedingly difficult to replicate, doesn’t mean it is truly random.
Think of it like cleaning your pool. You have a vacuum, chemicals, the system circulates, maybe a skimmer or a net. You can get the pool to the point that it is acceptable to swim in, but you’re never actually swimming in a clean pool. In a similar manner, current random number generators get you to a point that you are (usually) fine assuming the number is random, but it never really is.
I know what you’re trying to get at, but my point is this: Imagine you have two streams of data, one from a CSPRNG, and one from what you call “true randomness”. How can you tell which one is which (as long as you’re staying under the CSPRNGs limit from your initial entropy)?
If you can’t tell me a way, there is no functional difference between these two options. So what advantage would true randomness hold?
I said this in another comment, but while I agree that there is virtually no functional difference, and in the vast majority of cases truly random and functionally random are equivalent, that doesn’t mean that something which is functionally random is truly random.
But it is truly random for all intents and purposes, since the input is truly random. Just because the process contains deterministic steps doesn’t mean the input entropy isn’t true entropy anymore.
Honestly you won’t be able to build a device with this thing in it for cheaper than alternatives. For home usage it’s about 50-100$. And a good enough PCI card like Quantis will be 3000$ with a bandwidth of 240Mbps.
And that’s not even discussing bandwidth. In most cases bandwidth (number of random bits generated per second) is the limiting factor in usage. You want them to be fast enough that when you need a number you’re not waiting for it.
There are easier ways to get the same level of randomness.
Removed by mod
The same level as locally truly random? What provides that same level of random?
Proovably secure PRNGs are as secure as TRNGs. All you need is enough entropy and that you can get from plenty of sources.
A single chip you rely on for entropy is a problem as you cant look inside. Therefore you cant trust it fully.
While they may be as secure, I would not call that the same level of random. I’ll agree they are equal in almost every use case, but truly random is still “more random” in comparison.
Though I’ll concede that if it can’t be proven to be truly random, it’s not of much use.
How do you measure the amount of “true randomness”? CSPRNGs can use very little entropy to generate large amounts of random data. Mathematically speaking there isn’t any difference between that and what you call “true randomness” - if there was, they wouldn’t be CSPRNGs.
Truly random would be something that is impossible to reproduce. While you are correct that we can approximate randomness, the final calculation can always be replicated if the initial inputs are known. Just because something is exceedingly difficult to replicate, doesn’t mean it is truly random.
Think of it like cleaning your pool. You have a vacuum, chemicals, the system circulates, maybe a skimmer or a net. You can get the pool to the point that it is acceptable to swim in, but you’re never actually swimming in a clean pool. In a similar manner, current random number generators get you to a point that you are (usually) fine assuming the number is random, but it never really is.
I know what you’re trying to get at, but my point is this: Imagine you have two streams of data, one from a CSPRNG, and one from what you call “true randomness”. How can you tell which one is which (as long as you’re staying under the CSPRNGs limit from your initial entropy)?
If you can’t tell me a way, there is no functional difference between these two options. So what advantage would true randomness hold?
I said this in another comment, but while I agree that there is virtually no functional difference, and in the vast majority of cases truly random and functionally random are equivalent, that doesn’t mean that something which is functionally random is truly random.
But it is truly random for all intents and purposes, since the input is truly random. Just because the process contains deterministic steps doesn’t mean the input entropy isn’t true entropy anymore.
Agreed.
Honestly you won’t be able to build a device with this thing in it for cheaper than alternatives. For home usage it’s about 50-100$. And a good enough PCI card like Quantis will be 3000$ with a bandwidth of 240Mbps.
And that’s not even discussing bandwidth. In most cases bandwidth (number of random bits generated per second) is the limiting factor in usage. You want them to be fast enough that when you need a number you’re not waiting for it.
deleted by creator