Popular Science: True Random Numbers and Pseudo-Random Numbers
比特派钱包
2020-03-06 03:06
This article is about 1313 characters; reading it takes about 5 minutes.
The randomness of random numbers is the lifeblood of private key generation
Bitcoin users like to discuss inscrutable topics such as "asymmetric encryption", "elliptic curves", and "quantum computers", and then lose coins for a far more mundane reason: "randomness".

Historically there have been many incidents of users of wallets from various brands losing coins, all because of problems with the random function.

Randomness is very important, especially for Bitcoin, a cryptographic electronic currency. It is a pity that randomness is rarely discussed in the community, so many people lack a correct understanding of it. That is why we will talk about randomness with you today.

When it comes to randomness, two concepts must be clarified: the "True Random Number Generator" (TRNG) and the "Pseudo-Random Number Generator" (PRNG).

Most of the random functions in computer programs and languages are pseudo-random number generators: they all take a "seed" (such as the current time) and run it through some algorithm to produce results that "look random".

There is no doubt that anyone who knows the algorithm and the seed, or the random numbers generated so far, can work out the next numbers in the sequence. Because of this predictability they are not cryptographically secure, which is why we call them "pseudo-random". This kind of random number is no big problem for deciding which way the villain in a game runs away; used to generate a Bitcoin private key, it is far too unsafe.

Now for the true random number generator. The Chinese Wikipedia equates the "hardware random number generator" (HRNG) with the true random number generator, which is not very accurate. True randomness in the strict sense may exist only in quantum mechanics, and that is not the kind of randomness we currently want (or can want).

What we actually want is an unpredictable, statistically sound, cryptographically secure random number, and any random number generator that delivers this can be called a true random number generator. Such true randomness does not necessarily require specially designed hardware. The random number generator in the Linux kernel (/dev/random) maintains an entropy pool that collects hardware noise (keyboard and mouse activity, changes in network signal strength, and so on) so that it can provide as much random data entropy as possible, which makes it a high-quality true random number generator as well.

However, /dev/random is blocking: if the entropy pool is empty, reads from /dev/random are suspended until enough ambient noise has been collected.

Therefore, when developing programs, we should use /dev/urandom, the non-blocking counterpart of /dev/random; it will not block, but the entropy of its output may be lower than that of /dev/random.

OK, after all that, which random number generator should we use to generate private keys when developing Bitcoin applications?

The answer is simple: urandom. Always use urandom only.

Do not use any third-party random number solutions, not even advanced security libraries whose random functions claim to be "very secure", because they are all user-mode cryptographic random number generators, whereas urandom is a kernel-mode random number generator. The kernel has access to the raw device entropy, and the kernel can ensure that state is not shared between applications.

Historically, the countless random number failures have mostly occurred in user-mode random number generators, and a user-mode random number generator almost always depends on the kernel-mode one anyway (if it does not, the risk is even greater). Apart from possibly simplifying some of your development work, it brings no additional benefit at all, and it increases the potential security risk introduced by third-party code.

Therefore, developers should use urandom when they need cryptographically secure random numbers.
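As an added illustration of the point above (example code, not Bitpie's own), the following contrasts a seeded user-mode PRNG with the kernel CSPRNG when producing a 32-byte secp256k1 private key; the seed value is a constructed sample timestamp, and the range check against the curve order n is a caveat the post does not spell out.

```python
# Added example, not from the original post: a time-seeded PRNG reproduces the
# same "random" key for anyone who knows the seed, while os.urandom draws from the
# kernel CSPRNG (/dev/urandom on Linux), which is what the post recommends.
import os
import random

# Order n of the secp256k1 base point; a valid private key is an integer in [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def weak_key_from_seed(seed: int) -> bytes:
    """32 deterministic bytes from Python's Mersenne Twister seeded with `seed`.
    Same seed (for example a timestamp) always yields the same bytes."""
    rng = random.Random(seed)
    return rng.getrandbits(256).to_bytes(32, "big")


def is_valid_private_key(key: bytes) -> bool:
    """True only for a 32-byte value whose integer form lies in [1, n-1]."""
    if len(key) != 32:
        return False
    value = int.from_bytes(key, "big")
    return 1 <= value < SECP256K1_N


def kernel_key() -> bytes:
    """32 bytes from the kernel CSPRNG, rejection-sampled into [1, n-1].
    Out-of-range draws are astronomically rare but must still be rejected."""
    while True:
        candidate = os.urandom(32)
        if is_valid_private_key(candidate):
            return candidate


if __name__ == "__main__":
    SAMPLE_SEED = 1583460360  # constructed sample timestamp, not a real event
    # Same seed, same key: the PRNG output is fully predictable.
    print(weak_key_from_seed(SAMPLE_SEED) == weak_key_from_seed(SAMPLE_SEED))
    # Two kernel draws differ and both pass the range check.
    a, b = kernel_key(), kernel_key()
    print(a != b, is_valid_private_key(a), is_valid_private_key(b))
```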

Finally, some readers have asked: do your BITHD hardware wallets generate true random numbers?

Here's the answer: of course they do.

The BITHD chip has a hardware random number generator that produces true random numbers from a physical noise source. This source cannot be predicted or probed, and it is a truly random source.
