Random.org provides true random numbers through an unsecured web service. Since

Question

Random.org provides true random numbers through an unsecured web service. Since these numbers would be transmitted in plaintext could they still be considered useful as true random numbers while maintaining security in a cryptographic solution?

At first I was thinking if a large pool of them was obtained then a small subset of them could be used randomly to make the fact they are known of less use. Then I realized that no matter how many random numbers were obtained this way, it would still be a smaller number set to explore in attempting to crack the cryptography.

Explanation / Answer

The more I think about it, the less I would be willing to use Random.org for any sort of cryptographic application. My reasons are listed below.

+ See Q2.2, the groups listed are not cryptographic groups and potentially (or probably) don't have cryptographers on their evaluation teams
+ They specifically say not to use it for cryptography
+ It is closed source. So, I would have no way of knowing if they properly mutex their RNG so that only one person is drawing from it at a time. There are other implementation issues that I (or someone/some group much smarter than I could check for).
+ Using this would require an internet connection for all randomness.
+ Current CS-PRNGs are much faster and options are available which suffer from none of the weaknesses listed above.
+ The RNG could change at any time without me knowing.

That said, these reasons don't necessarily answer the question. They only give insight as to why I personally wouldn't use Random.org for cryptography. Would it be secure to use Random.org in cryptographic solution? Possibly. There really isn't enough information to really know.

Related Questions

Navigate

• Browse (All)
• Browse R
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.