National Standards for "Random" for cryptography purposes.

From Slashdot:

National Institute of Standards and Technology (NIST) has removed the much-criticized Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) from its draft guidance on random number generators following a period of public comment and review. The revised document retains three of the four previously available options for generating pseudorandom bits required to create secure cryptographic keys for encrypting data. NIST recommends that people using Dual_EC_DRBG should transition to one of the other three recommended algorithms as quickly as possible."

I just thought this might be of interest to some of you who argue that a RNG is not really random in a purely matematical sense but is random enough in a casino-owner sense. If some commonly used technique is being rejected for cryptography is it perhaps already being used in slot machines but susceptible to more analysis?

Quote: FleaStiff

From Slashdot:

National Institute of Standards and Technology (NIST) has removed the much-criticized Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) from its draft guidance on random number generators following a period of public comment and review. The revised document retains three of the four previously available options for generating pseudorandom bits required to create secure cryptographic keys for encrypting data. NIST recommends that people using Dual_EC_DRBG should transition to one of the other three recommended algorithms as quickly as possible."

I just thought this might be of interest to some of you who argue that a RNG is not really random in a purely matematical sense but is random enough in a casino-owner sense. If some commonly used technique is being rejected for cryptography is it perhaps already being used in slot machines but susceptible to more analysis?

The requirements for key generation far exceed those for slot machines.

Quantum random number generator created from an 8 Mega Pixel camera on an N9 Nokia Smartphone. Will provide portable and truly random number generation for encryption purposes. Slashdot.

Not understanding exactly what was said but googling it suggests that it can be broken by seeing a few results - which seems very poor. Interestingly I used the mersenne method ( http://en.wikipedia.org/wiki/Mersenne_twister ) initialised using the time on the mainframe and keeping continual internal state; but according to this ( http://en.wikipedia.org/wiki/CSPRNG ) it might not be good enough.

I thought "clocking" was a no-no for (P)RNG's.

Quote: 98Clubs

I thought "clocking" was a no-no for (P)RNG's.

"Straight" clocking is a no-no - even if the numbers aren't in order, as long as there is a fixed cycle. If you can determine when the "jackpot number" will come up to within 1/100 of a second, this is a major advantage.

I don't know nothing 'bout clocking and over-clocking, but I thought all this stuff about new and super random number generators might help you AP guys with slot machines that compute pseudo random numbers in a slower and more old fashioned manner.