A number of interesting responses were there, which I’d like to share here.
Since a computer can’t choose a number truly at random (and neither can humans, technically), what is a random number in the context of a computer. Since the computer calculates the number, is it only “relatively random” i.e. to the user, the number ‘seems’ random when in fact it isn’t? I was wondering about whether a user can successfully predict which “random” number is going to be generated by the computer.
I got a few ansers, the best and most explanatory of which was by Kiat Chuan Tan.
There are two main ways a computer can choose a “random” number: using a pseudo-random number generator (PRNG), or using a hardware random number generator.
A pseudo-random number generator, as the name suggests, isn’t truly random. PRNGs typically use deterministic algorithms such as lagged Fibonacci generators or the Mersenne twister. These numbers generated by these algorithms are completely determined by the start state, and will eventually repeat. However, a good choice of parameters for the algorithms will make the period sufficiently large for practical use (2^19937 – 1 for the Mersenne twister).
A hardware random number generator, on the other hand, is theoretically supposed to be truly random, in the sense that it is based on noise generated by physical processes, e.g. sampling of ambient noise from a sound card.
Micheal Hamburg added that:
There are some generators that (unlike the Mersenne Twister) are believed to be cryptographically pseudorandom. That is, if they start with a small amount of randomness (say, 32 bytes), then there should be no algorithm which, running on all the supercomputers in the world for a thousand years, could notice a meaningful difference between the “random” numbers they output and truly random numbers generated by a hardware device.
Now, I was wondering if I could actually find a service which could, essentially, guarantee me randomness. A source for random numbers which was truly random and unpredictable.
So how do they generate their random numbers?
RANDOM.ORG uses radio receivers to pick up atmospheric noise, which is then used to generate random numbers. The radios are tuned between stations. A possible attack on the generator is therefore to broadcast on the frequencies that the RANDOM.ORG radios use in order to affect the generator. However, radio frequency attacks of this type would be difficult for a variety of reasons. First, the frequencies that the radios use are not published, so an attacker would have to broadcast across all frequencies of all bands used for FMAM broadcasting. Second, this is not an attack that can be launched from anywhere in the world, only reasonably close to the generator. RANDOM.ORG currently has radio receivers in several different countries, which would make it difficult to coordinate this type of attack. Third, if an attacker actually did succeed at broadcasting highly regular signals (e.g., perfect sine waves) at exactly the right frequencies from the right locations, then the RANDOM.ORG real-time statistics would pick up the drop in quality very rapidly. In particular, the Source Purity and Information Entropy tests would start failing dramatically, which would raise an alert.