One of the more common Bitcoin “Bugs” is bad random number generators creating non-random addresses.
Does SAFE has a plan to deal with such? What would the consequences be of various clients using less than random random numbers within the SAFE environment? Do we have any preventative measures to deal with such issues? Seems like it would be difficult since we don’t know who the clients are. How much does it matter?
I believe the solution MaidSafe have adopted is to avoid hardware and use known random number generation and encryption libraries. This ensures that whatever the platform, the algorithm and implementation are known and can be checked.
Also using NaCl helps we should know when we have issues, security sprint will happen soon enough as well. All will be covered I hope, we need to keep a list of concerns
What about using Geiger tube to generate true random numbers based on radioactive decay?
Overkill?
Well, I doubt every cell phone user is going to carry one around… That is the issue that I was wondering about. In a distributed network people may be using different version of the software, or they may even write their own software to talk SAFE’s protocols… Because various task are delegated to various clients. The possibility that a client is supposed to be doing something random but is actually doing something significantly less than randomly could cause various parts of the network to misbehave… Seems like an important thing to think through and inventory and where possible prevent.
Not being a cryptographer, I suspect you could hash several supposedly random numbers from several sources together and get something pretty darn random even if not all of the components where random.
Who owns and manages the Geiger tube in question might be kinda tricky. Perhaps some emergent property from the network noise itself may be useful at some point (even if not currently required) in terms of generating a bit of randomness?
On a more meta level I am not sure that mathematics alone can ever provide true randomness, but only a black box which is doing something ultimately predictable and calculable if only one knew what was in there.
We should demand all motherboard OEMs to add a TRNG… But the question is tun tun tun, can we trust them?
The ultimate fantasy here is if unique blocks of entropy could be offered on the network; the problem is it introduces trust on the origin of those entropy blocks: are they truly random generated (eg from radio-active decay)