Sabotaging Random Numbers

Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

A reader asks about sabotaging a random number generator.

Steven H writes …


The article on randomness in Excel was quite interesting, and the link to random.org was neat.  Two thoughts come to mind almost immediately though:

 

If you have an application where you absolutely need true random numbers, it is most likely the type of application where you also absolutely cannot trust anyone else – particularly a web site of unknown provenence.  You would really want to build your own radioactive random number generator from

discrete parts (that is, no CPU or even integrated circuits) and run the input directly into the serial port of the PC.  If you aren’t that concerned about security, then a pseudo-random generator is probably more than good enough.

 

The other thing that leaps to my mind right away is that if I knew a lot of people were using this system, I could poison it by operating a transmitter on the radio noise frequencies to bias the results.  It wouldn’t work for long, because the (a) I assume the Random.org people run mathematical checks on their output to tests its ongoing randomness (b) radio astronomers would get pissed off and come find your transmitter, but it might work for long enough to let you break an opponent’s encryption system for example.

Thanks for your note, while what you say about random.org is strictly true I don’t feel it matters for all but the most extensive and complex needs.

 

For complex scientific and government needs, they would not (I hope not) be relying on a third-party web site.  The likes of CERN, CIA, FBI, Mi6 etc presumably have their own closely guarded systems.

 

Even if you knew enough about the inner workings of random.org to tinker with the input stream (and the operators didn’t notice) — why would you bother except simply as a prank?  The effort expended could hardly give any practical return.  It would be incredibly difficult to tweak the inputs in such a way as to alter the output random numbers in any predicable or useful way.

 

Random.org is a useful supplement to Excel’s own RAND() function – either of them is sufficiently random for all but the most extreme needs.

 

Random.org’s advantage for Excel users isn’t really greater randomness but producing sequences in a simple way that would be difficult to reproduce in Excel.  That was what we demonstrated in the Office for Mere Mortals article.

 

Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address