Random numbers play an important role in modern computer security. Many programs that use encryption need a good source of random numbers for producing session keys. For example, the PGP program uses random numbers for generating a random key that is used to encrypt the contents of electronic mail messages; the random key is then itself encrypted using the recipient’s public key.
Random numbers have other uses in computer security as well. A variety of authentication protocols require that the computer create a random number, encrypt it, and send it to the user. The user must then decrypt the number, perform a mathematical operation on it, re-encrypt the number, and send it back to the computer.
A great deal is known about random numbers. Here are some general rules of thumb:
If a number is random, then each bit of that number’s binary representation should have an equal probability of being a 0 or a 1.
If a number is random, then after each 0 bit in that number’s binary representation there should be an equal probability that the following bit is a 0 or a 1. Likewise, after each 1 there should be an equal probability that the following bit is a 0 or a 1.
When examining a large set of random values, each with a large number of bits, then roughly half of the bits should be 0s, and half of the bits should be 1s.
For security-related purposes, a further requirement for random numbers is unpredictability:
It should not be possible to predict the output of ...