this post was submitted on 08 Jan 2025
143 points (95.0% liked)
Programmer Humor
20106 readers
1277 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm worried about relying on remote servers for random numbers, especially for cryptographic purposes. There's no way to verify that you aren't the only person with access to those numbers, and it's fairly difficult even as the sysadmin to ensure that they're logged nowhere.
"oops our software had a bug that made it return nonrandom values for a month"
the trick is to combine all your uncertainty sources together. So in the worst case your numbers still have as much entropy as if you did not have the external source. And even if somebody else knows those numbers they do not know the actual numbers you are using. Of course that raises the question: if your other entropy source is good enough that you are happy in your worst case what is the benefit from some extra source of entropy? So i have argued myself into agreeing with you :) crypto is not a good use case for such a service. The wall of lavalamps mentioned above is a better solution.