[Cryptography] How good random number generator is the human brain at conscious level?

James A. Donald jamesd at echeque.com
Wed Dec 20 02:05:11 EST 2017 

On 12/18/2017 3:39 PM, Ray Dillinger wrote:
> 
> 
> On 12/16/2017 01:28 AM, Georgi Guninski wrote:
>> How good random number generator is the human brain at conscious level?
> 
>> Searching the web returns forum speculations that it is bad PRNG
>> and some paywalled medical articles claiming otherwise.
> 
>> "Hardware" stuff like neurons firing or muscles moving doesn't count.
> 
> Pretty terrible.  When they asked humans for random numbers distributed
> between 0 and 16, put one number in each byte, and compressed using
> gzip, the output was 2.76 bits per byte input rather than the nominal 4
> bits per byte input.  This simple empirical test means that an humble
> statistical tool was able to eliminate 2.48 bits of redundant
> information from every human-generated "random byte."

I would say that is good enough randomness.  sixteen of those bytes, the 
size of a credit card number, is 17*10^12 possibilities.

That is rather more than enough to defeat an online attack.

For an offline attack, we can make testing the value to be input take an 
arbitrarily long time, though of course the attacker may well have more 
powerful hardware than the defender.

Make testing the value offline take one second on the defender's 
hardware. Assume the attacker has hardware one million times as powerful 
as the defender's.

Then it is going to take the attacker about a year of his dedicated, 
expensive, hardware.

> 
> That's biases, repetitions, and patterns detectable by an off-the-shelf
> compression program that DOES NOT detect all possible (nor even all
> likely) biases, patterns, and repetitions.  So the 5.52 bits observed is
> a maximum estimate. If you build a more exhaustive test, you can almost
> certainly demonstrate an upperbound smaller than that.  Hell, the
> current version of gzip likely demonstrates an upperbound smaller than
> that; somebody ought to repeat the experiment.
> 
> 				Bear
> 
> 
> 
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
> 


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

More information about the cryptography mailing list