On Thu, 4 Sep 1997 17:44:24 -0600 Matt Calder writes: >Andy, > I am interested to know what application you are doing that >requires 'real' random noise. I have stated previously on this list a >lengthly objection to anything but pseudo-random numbers, but I could >(and >often am) be wrong. For generating keys to encrypt data, it is very important to use truly random numbers because this makes the keys as hard as possible to guess (all 2^N possible keys are equally likely). If a psuedorandom number is used there will be a strong dependence between subsequent keys or subsequent bits in the key that reduces the security tremendously. For example, using 64 bits output from a 16-stage feedback shift register to generate a "64-bit key" is folly, since a potential cracker has only to guess at the initial state of the shift register to generate all 65536 keys that could possibly be used. The key is effectively only 16 bits in length, and even that depends on loading a truly random number into the shift register. As for generating random numbers on a PIC there are several potential methods: * Value in RAM at powerup. Not likely to be random at all on repeated powerups of the same chip. * WDT timeout time. The WDT is a RC oscillator that varies quite a bit over voltage and temperature. PIC software could increment a register rapidly until the WDT times out, then consider the low few bits of the value left in the register to be random. This may not come out very random either, and it takes a second or so to generate each few bits of random number. * Time for user to press a key. This is generally regarded as quite random. However, numbers can't be generated automatically at any time then. * Other external source of randomly-timed events. Noise amplified from a noisy analog device is the usual method. It is important to be sure that periodic signals from the power supply, clocks, LED multiplexer, etc. don't couple into the amplifier and introduce subtle non-randomness. For any proposed method of generating truly random numbers, build a test system and conduct statistical analysis, to be sure that they are truly random. I think autocorrelation would be a good place to start, but I don't deal in statistics that much.