> It is not hard to win this game. If you spent a whole day playing it, shame on you. But what if you did not know that you are playing a game? I dug up this toy when I saw people talking about generating 'random' numbers for cryptography by mashing keys or shouting into microphones. It is meant to educate you regarding the folly of such methods.
I wouldn't trust a human to generate enough entropy for any kind of key material. But I'd happily feed their output, and more importantly, the metadata around said output (like the ns delay between key presses) into the seed of a CSPRNG, (much more importantly, along with plenty of other sources of entropy).
The primary characteristic of a CSPRNG, is the inability to predict the next output, from the previous output. Once you get sufficient entropy to seed a CSPRNG, nothing you (correctly) mix into the state, can decrease it's security.
There is no folly in using human interactions to help seed a random number generator. Assuming you dont use the characters they type as the only seed input.
mildly related: when i want a single bit of entropy in my day-to-day without fooling myself, i think of a random long-ish word and decide based on the evenness of the number of letters. probably this isn't an unbiased oracle, but it's good enough when i don't have a coin handy and care about avoiding self-delusion more than fair odds.
> It is not hard to win this game. If you spent a whole day playing it, shame on you. But what if you did not know that you are playing a game? I dug up this toy when I saw people talking about generating 'random' numbers for cryptography by mashing keys or shouting into microphones. It is meant to educate you regarding the folly of such methods.
I wouldn't trust a human to generate enough entropy for any kind of key material. But I'd happily feed their output, and more importantly, the metadata around said output (like the ns delay between key presses) into the seed of a CSPRNG, (much more importantly, along with plenty of other sources of entropy).
The primary characteristic of a CSPRNG, is the inability to predict the next output, from the previous output. Once you get sufficient entropy to seed a CSPRNG, nothing you (correctly) mix into the state, can decrease it's security.
There is no folly in using human interactions to help seed a random number generator. Assuming you dont use the characters they type as the only seed input.
mildly related: when i want a single bit of entropy in my day-to-day without fooling myself, i think of a random long-ish word and decide based on the evenness of the number of letters. probably this isn't an unbiased oracle, but it's good enough when i don't have a coin handy and care about avoiding self-delusion more than fair odds.